Text Exploits
31,337 exploits tracked across all sources.
Qool CMS 2.0 RC2 Cross-Site Request Forgery via adduser
Qool CMS 2.0 RC2 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by tricking logged-in users into visiting malicious web pages. Attackers can forge POST requests to the /admin/adduser endpoint with parameters like username, password, email, and level to create root-level user accounts without user consent.
by LiquidWorm
CVSS 5.3
CosCMS < 1.822 - OS Command Injection
The uploadFile function in upload/index.php in CosCMS before 1.822 allows remote administrators to execute arbitrary commands via shell metacharacters in the name of an uploaded file.
by High-Tech Bridge SA
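The CosCMS entry above is the classic upload-name command injection: a user-controlled file name reaches a shell command string. The block below is an added example written for this listing, not CosCMS's own code. It uses `echo` as a stand-in for whatever tool the application runs on the upload, a constructed upload name that ends in `; echo INJECTED` (a benign chain), and shows the vulnerable string form beside two fixes: `shlex.quote` when a shell string cannot be avoided, and the preferred argv-list call behind an allow-list (the `SAFE_NAME` regex is an example policy, not CosCMS's).

```python
import re
import shlex
import subprocess

# Conservative allow-list for stored upload names (example policy, not CosCMS's).
SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,254}$")


def run_tool_vulnerable(filename):
    """Pattern from the advisory: the upload name is spliced into a shell
    command string. `echo` stands in for the real post-processing tool."""
    cmd = f"echo processing {filename}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def run_tool_quoted(filename):
    """If a shell string is unavoidable, quote the untrusted argument so the
    shell sees it as one word."""
    cmd = f"echo processing {shlex.quote(filename)}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def run_tool_hardened(filename):
    """Preferred fix: validate the name, then pass an argv list with no shell.
    Metacharacters become ordinary bytes of a single argument."""
    if not SAFE_NAME.match(filename):
        raise ValueError(f"rejected upload name {filename!r}")
    return subprocess.run(["echo", "processing", filename],
                          capture_output=True, text=True).stdout


# Constructed attacker-controlled upload name; `echo INJECTED` is a benign
# stand-in for whatever the attacker would actually chain on.
PAYLOAD = "avatar.jpg; echo INJECTED"

if __name__ == "__main__":
    print(run_tool_vulnerable(PAYLOAD), end="")   # second line: INJECTED
    print(run_tool_quoted(PAYLOAD), end="")       # one line, payload echoed literally
    try:
        run_tool_hardened(PAYLOAD)
    except ValueError as exc:
        print(exc)
```

Run on a POSIX host: the vulnerable call prints `INJECTED` on its own line because `/bin/sh` treated `;` as a command separator; the quoted call prints the whole payload as literal text; the hardened call never reaches `subprocess` because the name fails validation.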
MariaDB < 5.5.30 / Oracle MySQL < 5.5.32 - Memory Corruption (Denial of Service)
MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, and 5.1.x before 5.1.68, and Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allow remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points, which is not properly handled when processing the binary representation of this feature, related to a numeric calculation error.
by Alyssa Milburn
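The MariaDB/MySQL entry above describes a geometry whose binary encoding declares far more points than it carries, and a size calculation that trusts the declared count. The block below is an added example, not MariaDB's code: a minimal WKB LineString encoder, a constructed crafted feature whose header claims 0x10000000 points, a naive parser that walks the declared count, and a checked parser that derives the number of available points from the buffer length instead of multiplying the untrusted count (the `max_points` cap is an example policy).

```python
import struct

WKB_LINESTRING = 2        # OGC WKB geometry type code for LineString
WKB_HEADER_LEN = 9        # byte order (1) + type (4) + point count (4)
WKB_POINT_LEN = 16        # two little-endian IEEE-754 doubles (x, y)
HEADER_FMT = "<BII"
POINT_FMT = "<dd"


def build_linestring_wkb(points):
    """Encode a well-formed little-endian WKB LineString."""
    out = struct.pack(HEADER_FMT, 1, WKB_LINESTRING, len(points))
    for x, y in points:
        out += struct.pack(POINT_FMT, x, y)
    return out


def build_crafted_wkb(declared_points, actual_points=1):
    """Constructed attacker input: the header claims declared_points but the
    body carries only actual_points. 0x10000000 * 16 wraps to 0 in 32-bit
    arithmetic, the kind of size miscalculation a naive parser makes."""
    out = struct.pack(HEADER_FMT, 1, WKB_LINESTRING, declared_points)
    out += struct.pack(POINT_FMT, 0.0, 0.0) * actual_points
    return out


def parse_linestring_naive(wkb):
    """Trusts the declared count and walks that many points. In C this reads
    past the end of the buffer; Python's struct raises struct.error instead."""
    _order, _gtype, n = struct.unpack_from(HEADER_FMT, wkb, 0)
    points = []
    offset = WKB_HEADER_LEN
    for _ in range(n):
        points.append(struct.unpack_from(POINT_FMT, wkb, offset))
        offset += WKB_POINT_LEN
    return points


def parse_linestring_checked(wkb, max_points=1_000_000):
    """Validate the declared count against the bytes actually present before
    touching the body. max_points is an example resource cap, not MariaDB's."""
    if len(wkb) < WKB_HEADER_LEN:
        raise ValueError("truncated WKB header")
    order, gtype, n = struct.unpack_from(HEADER_FMT, wkb, 0)
    if order != 1 or gtype != WKB_LINESTRING:
        raise ValueError("unsupported byte order or geometry type")
    # Divide the available bytes rather than multiplying the untrusted count:
    # n * 16 can overflow a 32-bit size, (len - 9) // 16 cannot.
    available = (len(wkb) - WKB_HEADER_LEN) // WKB_POINT_LEN
    if n > available:
        raise ValueError(f"header declares {n} points, payload holds {available}")
    if n > max_points:
        raise ValueError(f"{n} points exceeds cap of {max_points}")
    return [struct.unpack_from(POINT_FMT, wkb, WKB_HEADER_LEN + i * WKB_POINT_LEN)
            for i in range(n)]
```

The ordering matters: the count is compared against what the buffer can hold before any allocation or loop is sized from it, so a crafted header is rejected without ever reading the body.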
mnoGoSearch 3.3.12 (search.cgi) - Arbitrary File Read
by Sergey Bobrov
Remote File Manager 1.2 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
Matrix42 Service Store 5.3 SP3 (5.33.946.0) - XSS
Cross-site scripting (XSS) vulnerability in SPS/Portal/default.aspx in Service Desk in Matrix42 Service Store 5.3 SP3 (aka 5.33.946.0) allows remote attackers to inject arbitrary web script or HTML via the query string.
by 43zsec
WordPress Plugin Count Per Day - 'daytoshow' Cross-Site Scripting
by alejandr0.m0f0
Varnish Cache - Multiple Denial of Service Vulnerabilities
by tytusromekiatomek
Squid - 'httpMakeVaryMark()' Remote Denial of Service
by tytusromekiatomek
HP Intelligent Management Center - 'topoContent.jsf' Cross-Site Scripting
by Julien Ahrens
D-Link DSL-2740B Firmware EU_1.0 - Authentication Bypass
The D-Link DSL-2740B Gateway with firmware EU_1.0, when an active administrator session exists, allows remote attackers to bypass authentication and gain administrator access via a request to login.cgi.
by Ivano Binetti
Plogger - Multiple Input Validation Vulnerabilities
by Saadat Ullah
Piwigo < 2.4.7 - CSRF
Cross-site request forgery (CSRF) vulnerability in the LocalFiles Editor plugin in Piwigo before 2.4.7 allows remote attackers to hijack the authentication of administrators for requests that create arbitrary PHP files via unspecified vectors.
by High-Tech Bridge SA
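Both the Qool CMS adduser entry and the Piwigo LocalFiles Editor entry above are the same failure: a state-changing POST is authorised by the session cookie alone, which the victim's browser attaches to a form submitted from any site. The block below is an added example, not code from either project. It models the forged `/admin/adduser` POST as a plain dict (cookie present, attacker Origin, no token), a handler that checks only the cookie, and a hardened handler that verifies the Origin/Referer and an HMAC-bound synchronizer token. `SITE_ORIGIN`, `SERVER_SECRET`, the session id and the form fields are constructed values.

```python
import hashlib
import hmac
from urllib.parse import urlparse

# Hypothetical deployment values for this example.
SITE_ORIGIN = "https://cms.example"
SERVER_SECRET = b"rotate-me-this-is-only-an-example-secret"


def issue_csrf_token(session_id):
    """Synchronizer token derived from the session: the forging site cannot
    compute it because it never sees the victim's session id."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def csrf_check(request):
    """request is a plain dict standing in for the framework object:
    {'cookies': {...}, 'headers': {...}, 'form': {...}}.
    Returns (allowed, reason)."""
    session_id = request["cookies"].get("session")
    if not session_id:
        return False, "no session cookie"
    # Check 1: a cross-site form post carries the attacker's Origin (or Referer).
    source = request["headers"].get("Origin") or request["headers"].get("Referer")
    if not source:
        return False, "missing Origin and Referer"
    parsed = urlparse(source)
    if f"{parsed.scheme}://{parsed.netloc}" != SITE_ORIGIN:
        return False, f"cross-site request from {parsed.scheme}://{parsed.netloc}"
    # Check 2: the form must carry the token bound to this session.
    supplied = request["form"].get("csrf_token", "")
    if not hmac.compare_digest(issue_csrf_token(session_id), supplied):
        return False, "missing or invalid csrf_token"
    return True, "ok"


def adduser_vulnerable(request, users):
    """Authorises by cookie alone, exactly the gap CSRF exploits."""
    if request["cookies"].get("session") not in ADMIN_SESSIONS:
        return False
    form = request["form"]
    users[form["username"]] = {"email": form["email"], "level": form["level"]}
    return True


def adduser_hardened(request, users):
    """Same action, gated by the CSRF check first."""
    allowed, _reason = csrf_check(request)
    if not allowed:
        return False
    return adduser_vulnerable(request, users)


# Constructed data: one logged-in admin and the request a hidden auto-submitting
# form on attacker.example would send. The browser attaches the cookie itself.
ADMIN_SESSIONS = {"s3ss10n-admin"}
ADDUSER_FORM = {"username": "backdoor", "password": "hunter2",
                "email": "x@attacker.example", "level": "root"}
FORGED = {"cookies": {"session": "s3ss10n-admin"},
          "headers": {"Origin": "https://attacker.example"},
          "form": dict(ADDUSER_FORM)}
LEGIT = {"cookies": {"session": "s3ss10n-admin"},
         "headers": {"Origin": SITE_ORIGIN},
         "form": dict(ADDUSER_FORM, csrf_token=issue_csrf_token("s3ss10n-admin"))}
```

The Origin check alone is a useful defence in depth but not sufficient on its own (older clients may omit the header, and the check above deliberately fails closed when it is absent); the token is what actually binds the request to a page the server rendered for this session.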
Roberta Bramski Uploader 1.0.4 (WordPress Plugin) - XSS
Multiple cross-site scripting (XSS) vulnerabilities in views/notify.php in the Uploader plugin 1.0.4 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) notify or (2) blog parameter.
by CodeV
Piwigo < 2.4.7 - Path Traversal
Directory traversal vulnerability in install.php in Piwigo before 2.4.7 allows remote attackers to read and delete arbitrary files via a .. (dot dot) in the dl parameter.
by High-Tech Bridge SA
PHP-Fusion 7.02.01 through 7.02.05 - SQL Injection
SQL injection vulnerability in includes/classes/Authenticate.class.php in PHP-Fusion 7.02.01 through 7.02.05 allows remote attackers to execute arbitrary SQL commands via the user ID in a user cookie, a different vulnerability than CVE-2013-1803.
by waraxe
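The PHP-Fusion entry above is an injection through a field the application itself issued: the user ID inside the user cookie is spliced into the authentication query. The block below is an added example, not PHP-Fusion's code, using an in-memory SQLite table with constructed rows and a simplified `<id>.<expiry>.<sig>` cookie layout (not PHP-Fusion's exact format). The vulnerable lookup formats the ID into the SQL string; the hardened one type-checks it as an integer and binds it as a parameter.

```python
import sqlite3


def make_db():
    """In-memory stand-in for the CMS user table (constructed sample rows)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (user_id INTEGER PRIMARY KEY, "
                 "user_name TEXT, user_level INTEGER)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [(1, "admin", 103), (2, "alice", 101), (3, "bob", 101)])
    return conn


def user_id_from_cookie(cookie):
    """Take the ID field out of a '<id>.<expiry>.<sig>' style cookie.
    The layout is a simplification for this example, not PHP-Fusion's exact format."""
    return cookie.split(".", 1)[0]


def lookup_vulnerable(conn, cookie):
    """Cookie field spliced straight into the query, as the advisory describes."""
    uid = user_id_from_cookie(cookie)
    sql = f"SELECT user_id, user_name FROM users WHERE user_id='{uid}'"
    return conn.execute(sql).fetchall()


def lookup_hardened(conn, cookie):
    """Type-check the field (it must be an integer) and bind it as a parameter."""
    uid = user_id_from_cookie(cookie)
    if not uid.isdigit():
        return []
    return conn.execute("SELECT user_id, user_name FROM users WHERE user_id = ?",
                        (int(uid),)).fetchall()


# Constructed cookies: a normal one and one whose ID field closes the quote,
# ORs in the admin's level and comments out the rest of the statement.
LEGIT_COOKIE = "2.1700000000.deadbeef"
EVIL_COOKIE = "0' OR user_level=103 -- .1700000000.deadbeef"
```

With the evil cookie the vulnerable query becomes `... WHERE user_id='0' OR user_level=103 -- '` and returns the admin row, so the attacker is logged in as admin without a signature check ever mattering. The hardened version rejects the field before it reaches the database; the parameter binding is the real fix, the `isdigit` check is cheap defence in depth.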
Batavi 1.2.2 - XSS
Cross-site scripting (XSS) vulnerability in admin/templates/default.php in Batavi 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING to admin/index.php.
by Dognaedis
Foscam <11.37.2.49 - Path Traversal
Directory traversal vulnerability in the web interface on Foscam devices with firmware before 11.37.2.49 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI, as demonstrated by discovering (1) web credentials or (2) Wi-Fi credentials.
by Frederic Basse
WordPress Plugin Comment Rating 2.9.32 - Multiple Vulnerabilities
by ebanyu
Joomla! 2.5.x through 2.5.8 / 3.0.x through 3.0.2 - PHP Object Injection ('highlight' Parameter)
plugins/system/highlight/highlight.php in Joomla! 3.0.x through 3.0.2 and 2.5.x through 2.5.8 allows attackers to unserialize arbitrary PHP objects to obtain sensitive information, delete arbitrary directories, conduct SQL injection attacks, and possibly have other impacts via the highlight parameter. Note: it was originally reported that this issue only allowed attackers to obtain sensitive information, but later analysis demonstrated that other attacks exist.
by EgiX