AutoSec Tools

108 exploits Active since Feb 2011
EIP-2026-113820 EXPLOITDB text WRITEUP
WordPress Plugin IGIT Posts Slider Widget 1.0 - 'src' Cross-Site Scripting
EIP-2026-113739 EXPLOITDB text WRITEUP
WordPress Plugin FCChat Widget 2.1.7 - 'path' Cross-Site Scripting
EIP-2026-113848 EXPLOITDB text WORKING POC
WordPress Plugin jQuery Mega Menu 1.0 - Local File Inclusion
CVE-2011-5267 EXPLOITDB text WORKING POC
Wikiwig - XSS
Multiple cross-site scripting (XSS) vulnerabilities in spell-check-savedicts.php in the SpellChecker module in Xinha, as used in WikiWig 5.01 and possibly other products, allow remote attackers to inject arbitrary web script or HTML via the (1) to_p_dict or (2) to_r_list parameter. NOTE: this issue might be related to the htmlarea plugin and CVE-2013-5670.
EIP-2026-113434 EXPLOITDB text WORKING POC
Wikiwig 5.01 - Cross-Site Scripting / HTML Injection
EIP-2026-113636 EXPLOITDB text WORKING POC
WordPress Plugin ComicPress Manager 1.4.9 - 'lang' Cross-Site Scripting
CVE-2011-1669 EXPLOITDB text WORKING POC
WP Custom Pages <0.5.0.1 - Path Traversal
Directory traversal vulnerability in wp-download.php in the WP Custom Pages module 0.5.0.1 for WordPress allows remote attackers to read arbitrary files via ..%2F (encoded dot dot) sequences in the url parameter.
EIP-2026-113270 EXPLOITDB python WORKING POC
webERP 4.0.1 - 'InputSerialItemsFile.php' Arbitrary File Upload
EIP-2026-113230 EXPLOITDB text WORKING POC
Web2Project 2.3 - SQL Injection
EIP-2026-113235 EXPLOITDB text WRITEUP
web@all 1.1 - 'url' Cross-Site Scripting
EIP-2026-113265 EXPLOITDB text WORKING POC
webEdition CMS 6.1.0.2 - Multiple Vulnerabilities
EIP-2026-112957 EXPLOITDB text WORKING POC
Vanilla Forum 2.0.17.9 - Local File Inclusion
EIP-2026-113158 EXPLOITDB text WORKING POC
vTiger CRM 5.2.1 - 'vtigerservice.php' Cross-Site Scripting
EIP-2026-113203 EXPLOITDB text WORKING POC
Web Auction 0.3.6 - 'lang' Cross-Site Scripting
EIP-2026-112568 EXPLOITDB text WRITEUP
TCExam 11.1.29 - 'tce_xml_user_results.php' Multiple SQL Injections
EIP-2026-112591 EXPLOITDB text WORKING POC
TemaTres 1.3 - '_search_expresion' Cross-Site Scripting
EIP-2026-112673 EXPLOITDB text WORKING POC
Tickets 2.13 - SQL Injection
EIP-2026-112728 EXPLOITDB text WORKING POC
todoyu 2.0.8 - 'lang' Cross-Site Scripting
EIP-2026-112696 EXPLOITDB text WRITEUP
Tine 2.0 - 'vbook.php' Cross-Site Scripting
EIP-2026-112567 EXPLOITDB text WORKING POC
TCExam 11.1.16 - 'user_password' Cross-Site Scripting
EIP-2026-112687 EXPLOITDB text WORKING POC
Time and Expense Management System - Multiple Vulnerabilities
EIP-2026-112496 EXPLOITDB text WORKING POC
Support Incident Tracker (SiT!) 3.62 - Multiple Cross-Site Scripting Vulnerabilities
EIP-2026-111792 EXPLOITDB text WRITEUP
Room Juice 0.3.3 - 'display.php' Cross-Site Scripting
CVE-2011-0773 EXPLOITDB text WRITEUP
Pivotx < 2.2.2 - XSS
Cross-site scripting (XSS) vulnerability in pivotx/modules/module_image.php in PivotX before 2.2.3 allows remote attackers to inject arbitrary web script or HTML via the image parameter.
EIP-2026-111552 EXPLOITDB python WORKING POC
ProQuiz 2.0.0b - Arbitrary File Upload