Exploitdb Exploits

31,337 exploits tracked across all sources.

CVE-2013-0126 EXPLOITDB text
Verizon Fios Actiontec Mi424wr-gen31 Router Firmware - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in index.cgi on the Verizon FIOS Actiontec MI424WR-GEN3I router with firmware 40.19.36 allow remote attackers to hijack the authentication of administrators for requests that (1) add administrative accounts via the username and user_level parameters or (2) enable remote administration via the is_telnet_primary and is_telnet_secondary parameters.
by Jacob Holcomb
EIP-2026-114058 EXPLOITDB text VERIFIED
WordPress Plugin Simply Poll 1.4.1 - Multiple Vulnerabilities
by m3tamantra
EIP-2026-108519 EXPLOITDB text VERIFIED
Joomla! Component com_rsfiles - 'cid' SQL Injection
by ByEge
EIP-2026-106350 EXPLOITDB text
DaloRadius - Multiple Vulnerabilities
by Saadi Siddiqui
EIP-2026-105944 EXPLOITDB text VERIFIED
ClipShare 4.1.4 - Multiple Vulnerabilities
by AkaStep
CVE-2013-3431 EXPLOITDB text
Cisco Video Surveillance Manager < 6.3.3 - Authentication Bypass
Cisco Video Surveillance Manager (VSM) before 7.0.0 does not require authentication for access to VSMC monitoring pages, which allows remote attackers to obtain sensitive configuration, archive, and log information via unspecified vectors, related to the Cisco_VSBWT (aka Broadware sample code) package, aka Bug ID CSCsv40169.
by Bassem
CVE-2013-1651 EXPLOITDB text
Open-xchange Server - Cryptographic Issue
OXUpdater in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof update servers and install arbitrary software via a crafted certificate.
by Martin Braun
EIP-2026-110557 EXPLOITDB text VERIFIED
Petite Annonce - Cross-Site Scripting
by Metropolis
EIP-2026-119062 EXPLOITDB text VERIFIED
QlikView - '.qvw' File Remote Integer Overflow
by A. Antukh
EIP-2026-116378 EXPLOITDB text
TagScanner 5.1 - Stack Buffer Overflow (PoC)
by Vulnerability-Lab
EIP-2026-115021 EXPLOITDB text VERIFIED
Cam2pc 4.6.2 - '.BMP' Image Processing Integer Overflow
by coolkaveh
EIP-2026-113214 EXPLOITDB text VERIFIED
Web Cookbook - Multiple SQL Injections
by Saadat Ullah
CVE-2013-1814 EXPLOITDB text
Apache Rave < 0.20.1 - Information Disclosure
The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.
by Andreas Guth
EIP-2026-101204 EXPLOITDB text VERIFIED
Cisco Video Surveillance Operations Manager - Multiple Vulnerabilities
by b.saleh
EIP-2026-104064 EXPLOITDB text VERIFIED
RubyGems fastreader - 'entry_controller.rb' Remote Command Execution
by Larry W. Cashdollar
CVE-2013-2714 EXPLOITDB MEDIUM text VERIFIED
WordPress podPress Plugin <8.8.10.13 - XSS
Cross-site Scripting (XSS) in WordPress podPress Plugin 8.8.10.13 could allow remote attackers to inject arbitrary web script or html via the 'playerID' parameter.
by hiphop
CVSS 6.1
CVE-2013-2503 EXPLOITDB text VERIFIED
Privoxy <3.0.21 - SSRF
Privoxy before 3.0.21 does not properly handle Proxy-Authenticate and Proxy-Authorization headers in the client-server data stream, which makes it easier for remote HTTP servers to spoof the intended proxy service via a 407 (aka Proxy Authentication Required) HTTP status code.
by Chris John Riley
EIP-2026-110996 EXPLOITDB text VERIFIED
PHPBoost - Arbitrary File Upload / Information Disclosure
by KedAns-Dz
EIP-2026-109011 EXPLOITDB text VERIFIED
KindEditor - Multiple Arbitrary File Upload Vulnerabilities
by KedAns-Dz
EIP-2026-112512 EXPLOITDB text VERIFIED
SWFupload - Multiple Content Spoofing / Cross-Site Scripting Vulnerabilities
by MustLive
EIP-2026-105273 EXPLOITDB text VERIFIED
Asteriskguru Queue Statistics - 'warning' Cross-Site Scripting
by Manuel García Cárdenas
EIP-2026-114543 EXPLOITDB text VERIFIED
Your Own Classifieds - Cross-Site Scripting
by Rafay Baloch
CVE-2013-2501 EXPLOITDB text VERIFIED
Terillion Reviews <1.2 - XSS
Cross-site scripting (XSS) vulnerability in the Terillion Reviews plugin before 1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ProfileId field.
by Aditya Balapure
CVE-2013-5094 EXPLOITDB text VERIFIED
McAfee VM 7.5 - XSS
Cross-site scripting (XSS) vulnerability in index.exp in McAfee Vulnerability Manager 7.5 allows remote attackers to inject arbitrary web script or HTML via the cert_cn cookie parameter.
by Asheesh Anaconda
CVE-2013-20006 EXPLOITDB HIGH text VERIFIED
Qool CMS Multiple Persistent Cross-Site Scripting Vulnerabilities
Qool CMS contains multiple persistent cross-site scripting vulnerabilities in several administrative scripts where POST parameters are not properly sanitized before being stored and returned to users. Attackers can inject malicious JavaScript code through parameters like 'title', 'name', 'email', 'username', 'link', and 'task' in endpoints such as addnewtype, addnewdatafield, addmenu, addusergroup, addnewuserfield, adduser, addgeneraldata, and addcontentitem to execute arbitrary scripts in administrator browsers.
by LiquidWorm
CVSS 7.5