Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2012-2997 EXPLOITDB text VERIFIED
F5 BIG-IP <11.2.1 - Info Disclosure
XML External Entity (XXE) vulnerability in sam/admin/vpe2/public/php/server.php in F5 BIG-IP 10.0.0 through 10.2.4 and 11.0.0 through 11.2.1 allows remote authenticated users to read arbitrary files via a crafted XML file.
by anonymous
EIP-2026-116772 EXPLOITDB text
Aloaha Credential Provider Monitor 5.0.226 - Local Privilege Escalation
by LiquidWorm
EIP-2026-111950 EXPLOITDB text VERIFIED
Scripts Genie Classified Ultra - SQL Injection / Cross-Site Scripting
by 3spi0n
EIP-2026-114011 EXPLOITDB text VERIFIED
WordPress Plugin Ripe HD FLV Player - SQL Injection
by Zikou-16
EIP-2026-108309 EXPLOITDB text VERIFIED
Joomla! Component com_collector - Arbitrary File Upload
by Red Dragon_al
CVE-2013-10070 EXPLOITDB CRITICAL text VERIFIED
PHP-Charts 1.0 - Unauthenticated Remote Code Execution via GET Parameter Eval Injection
PHP-Charts v1.0 contains a PHP code execution vulnerability in wizard/url.php, where user-supplied GET parameter names are passed directly to eval() without sanitization. A remote attacker can exploit this flaw by crafting a request that injects arbitrary PHP code, resulting in command execution under the web server's context. The vulnerability allows unauthenticated attackers to execute system-level commands via base64-encoded payloads embedded in parameter names, leading to full compromise of the host system.
by AkaStep
CVE-2013-1360 EXPLOITDB CRITICAL text
SonicWall GMS Analyzer UMA ViewPoint - Authentication Bypass via SGMS Interface
An Authentication Bypass vulnerability exists in DELL SonicWALL Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0, Analyzer 7.0, Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, and 6.0 via a crafted request to the SGMS interface, which could let a remote malicious user obtain administrative access.
by Nikolas Sotiriu
CVSS 9.8
CVE-2013-0177 EXPLOITDB text VERIFIED
Apache OFBiz 10.04.x < 10.04.05 and 11.04.01 - Authenticated Cross-Site Scripting via Widget Attributes
Multiple cross-site scripting (XSS) vulnerabilities in widget/screen/ModelScreenWidget.java in Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.05, 11.04.01, and possibly 09.04.x allow remote authenticated users to inject arbitrary web script or HTML via the (1) Screenlet.title or (2) Image.alt Widget attribute, as demonstrated by the parentPortalPageId parameter to exampleext/control/ManagePortalPages.
by Juan Caillava
CVE-2012-0432 EXPLOITDB text
NetIQ eDirectory <8.8.7.2 - Buffer Overflow
Stack-based buffer overflow in the Novell NCP implementation in NetIQ eDirectory 8.8.7.x before 8.8.7.2 allows remote attackers to have an unspecified impact via unknown vectors.
by Gary Nilson
CVE-2013-2679 EXPLOITDB MEDIUM text
Linksys E4200 Firmware 1.0.05 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Linksys E4200 router with firmware 1.0.05 build 7 allow remote attackers to inject arbitrary web script or HTML via the (1) log_type, (2) ping_ip, (3) ping_size, (4) submit_type, or (5) traceroute_ip parameter to apply.cgi or (6) new_workgroup or (7) submit_button parameter to storage/apply.cgi.
by m-1-k-3
CVSS 6.1
EIP-2026-107945 EXPLOITDB text VERIFIED
IP.Gallery - 'img' SQL Injection
by Ashiyane Digital Security Team
EIP-2026-107905 EXPLOITDB text VERIFIED
Invision Gallery 2.0.5 - SQL Injection
by Ashiyane Digital Security Team
EIP-2026-106324 EXPLOITDB text VERIFIED
Cydia Repo Manager - Cross-Site Request Forgery
by Ramdan Yantu
CVE-2013-0397 EXPLOITDB text VERIFIED
Oracle Applications Framework - Info Disclosure
Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Diagnostics.
by Trustwave's SpiderLabs
EIP-2026-111120 EXPLOITDB text VERIFIED
phpLiteAdmin - 'table' SQL Injection
by KedAns-Dz
EIP-2026-105998 EXPLOITDB text
CMS snews - SQL Injection
by By onestree
CVE-2009-4571 EXPLOITDB text VERIFIED
PhpShop 0.8.1 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in index.php in PhpShop 0.8.1 allow remote attackers to execute arbitrary SQL commands via the (1) module_id parameter in an admin/function_list action, the (2) vendor_id parameter in a vendor/vendor_form action, the (3) module_id parameter in an admin/module_form action, the (4) user_id parameter in an admin/user_form action, the (5) vendor_category_id parameter in a vendor/vendor_category_form action, the (6) user_id parameter in a store/user_form action, the (7) payment_method_id parameter in a store/payment_method_form action, the (8) tax_rate_id parameter in a tax/tax_form action, or the (9) category parameter in a shop/browse action. NOTE: the product_id vector is already covered by CVE-2008-0681.
by By onestree
EIP-2026-110586 EXPLOITDB text VERIFIED
phlyLabs phlyMail Lite 4.03.04 - Full Path Disclosure / Persistent Cross-Site Scripting
by LiquidWorm
CVE-2013-5123 EXPLOITDB MEDIUM text VERIFIED
pip < 1.5 - Man-in-the-Middle Attack via Insecure Mirror DNS Querying
The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks.
by LiquidWorm
CVSS 5.9
EIP-2026-118853 EXPLOITDB text VERIFIED
Microsoft Lync 2010 4.0.7577.0 - User-Agent Header Handling Arbitrary Command Execution
by Christopher Emerson
EIP-2026-111121 EXPLOITDB text VERIFIED
PHPLiteAdmin 1.9.3 - Remote PHP Code Injection
by L@usch
CVE-2012-5876 EXPLOITDB text
Nero MediaHome < 4.5.8.0 - Denial of Service via Long HTTP Request or Referer Header
Multiple off-by-one errors in NMMediaServerService.dll in Nero MediaHome 4.5.8.0 and earlier allow remote attackers to cause a denial of service (crash) via a long string in the (1) request line or (2) HTTP Referer header to TCP port 54444, which triggers a heap-based buffer overflow.
by High-Tech Bridge SA
CVE-2012-5877 EXPLOITDB text
Nero MediaHome < 4.5.8.0 - Denial of Service via HTTP Header Without Name
Nero MediaHome 4.5.8.0 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an HTTP header without a name.
by High-Tech Bridge SA
EIP-2026-113778 EXPLOITDB text VERIFIED
WordPress Plugin Gallery - 'filename_1' Arbitrary File Access
by Beni_Vanda
EIP-2026-113356 EXPLOITDB text VERIFIED
WebsiteBaker Addon Concert Calendar 2.1.4 - Multiple Vulnerabilities
by Stefan Schurtz