Text Exploits
31,386 exploits tracked across all sources.
Ripe Website Manager 1.1 - Cross-Site Scripting / Multiple SQL Injections
by High-Tech Bridge SA
netjukebox 4.01B/5.25 - 'skin' Cross-Site Scripting
by AutoSec Tools
MC Content Manager 10.1.1 - Multiple Cross-Site Scripting Vulnerabilities
by MustLive
GrapeCity Data Dynamics Reports 1.6.2084.14 - Multiple Cross-Site Scripting Vulnerabilities
by Dionach
Symantec LiveUpdate Administrator < 2.3 - Cross-Site Request Forgery via adduser.do
Cross-site request forgery (CSRF) vulnerability in adduser.do in Symantec LiveUpdate Administrator (LUA) before 2.3 allows remote attackers to hijack the authentication of administrators for requests that create new administrative accounts, and possibly have unspecified other impact, via the userRole parameter.
by Nikolas Sotiriu
Symantec LiveUpdate Administrator <2.3 - XSS
Cross-site scripting (XSS) vulnerability in the management login GUI page in Symantec LiveUpdate Administrator (LUA) before 2.3 allows remote attackers to inject arbitrary web script or HTML via the username field, as demonstrated by injecting an IFRAME element into the event log, a different vulnerability than CVE-2011-0545.
by Nikolas Sotiriu
Advantech/BroadWin WebAccess - Remote Code Execution via Long String in RPC Request
webvrpcs.exe in Advantech/BroadWin WebAccess allows remote attackers to execute arbitrary code or obtain a security-code value via a long string in an RPC request to TCP port 4592.
by Ruben Santamarta
IGSSdataServer.exe <9.00.00.11063 - Buffer Overflow
Multiple stack-based buffer overflows in IGSSdataServer.exe 9.00.00.11063 and earlier in 7-Technologies Interactive Graphical SCADA System (IGSS) allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted (1) ListAll, (2) Write File, (3) ReadFile, (4) Delete, (5) RenameFile, and (6) FileInfo commands in an 0xd opcode; (7) the Add, (8) ReadFile, (9) Write File, (10) Rename, (11) Delete, and (12) Add commands in an RMS report templates (0x7) opcode; and (13) 0x4 command in an STDREP request (0x8) opcode to TCP port 12401.
by Luigi Auriemma
7-Technologies IGSS <9.00.00.11059 - Path Traversal
Directory traversal vulnerability in dc.exe 9.00.00.11059 and earlier in 7-Technologies Interactive Graphical SCADA System (IGSS) allows remote attackers to execute arbitrary programs via ..\ (dot dot backslash) sequences in opcodes (1) 0xa and (2) 0x17 to TCP port 12397.
by Luigi Auriemma
7-Technologies IGSS <9.00.00.11063 - Path Traversal
Directory traversal vulnerability in IGSSdataServer.exe 9.00.00.11063 and earlier in 7-Technologies Interactive Graphical SCADA System (IGSS) allows remote attackers to (1) read (opcode 0x3) or (2) create or write (opcode 0x2) arbitrary files via ..\ (dot dot backslash) sequences to TCP port 12401.
by Luigi Auriemma
DATAC RealFlex RealWin <2.1 Build 6.1.10.10 - Buffer Overflow
Multiple stack-based buffer overflows in the HMI application in DATAC RealFlex RealWin 2.1 (Build 6.1.10.10) and earlier allow remote attackers to execute arbitrary code via (1) a long username in an On_FC_CONNECT_FCS_LOGIN packet, and crafted (2) On_FC_CTAGLIST_FCS_CADDTAG, (3) On_FC_CTAGLIST_FCS_CDELTAG, (4) On_FC_CTAGLIST_FCS_ADDTAGMS, (5) On_FC_RFUSER_FCS_LOGIN, (6) unspecified "On_FC_BINFILE_FCS_*FILE", (7) On_FC_CGETTAG_FCS_GETTELEMETRY, (8) On_FC_CGETTAG_FCS_GETCHANNELTELEMETRY, (9) On_FC_CGETTAG_FCS_SETTELEMETRY, (10) On_FC_CGETTAG_FCS_SETCHANNELTELEMETRY, and (11) On_FC_SCRIPT_FCS_STARTPROG packets to port 910.
by Luigi Auriemma
Siemens Tecnomatix FactoryLink 8.0.1.1473 - Multiple Vulnerabilities
by Luigi Auriemma
7-Technologies IGSS <9.00.00.11074 - RCE
Format string vulnerability in the logText function in shmemmgr9.dll in IGSSdataServer.exe 9.00.00.11074, and 9.00.00.11063 and earlier, in 7-Technologies Interactive Graphical SCADA System (IGSS) allows remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated using the RMS Reports Delete command, related to the logging of messages to GSST.LOG. NOTE: some of these details are obtained from third party information.
by Luigi Auriemma
ICONICS GENESIS32 and GENESIS64 - Multiple Vulnerabilities
by Luigi Auriemma
DATAC RealFlex RealWin <2.1 Build 6.1.10.10 - RCE
Multiple integer overflows in the HMI application in DATAC RealFlex RealWin 2.1 (Build 6.1.10.10) and earlier allow remote attackers to execute arbitrary code via crafted (1) On_FC_MISC_FCS_MSGBROADCAST and (2) On_FC_MISC_FCS_MSGSEND packets, which trigger a heap-based buffer overflow.
by Luigi Auriemma
RealNetworks RealPlayer <14.0.2 - RCE
Heap-based buffer overflow in rvrender.dll in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.2, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via a crafted frame in an Internet Video Recording (IVR) file.
by Luigi Auriemma
PluggedOut Blog 1.9.9 - 'year' Cross-Site Scripting
by kurdish hackers team
Online store PHP script - Multiple Cross-Site Scripting / SQL Injections
by kurdish hackers team
Newsportal 0.37 - 'post.php' Cross-Site Scripting
by kurdish hackers team
Element-IT PowUpload 1.3 - Arbitrary File Upload
by Daniel Godoy