MustLive

110 exploits Active since Dec 2005
CVE-2012-3351 EXPLOITDB MEDIUM text WORKING POC
JW Player < 5.10.2295 - Cross-Site Scripting via Link or Logo Parameters
Multiple cross-site scripting (XSS) vulnerabilities in LongTail Video JW Player through 5.10.2295 allow remote attackers to inject arbitrary web script or HTML via the (1) link, (2) logo.link, or (3) aboutlink parameter, or a nested URI scheme name for (4) javascript, (5) asfunction, or (6) vbscript.
CVSS 6.1
CVE-2008-4088 EXPLOITDB text WRITEUP
myphpnuke < 1.8.8_8 - SQL Injection via print.php sid Parameter
SQL injection vulnerability in print.php in myPHPNuke (MPN) before 1.8.8_8rc2 allows remote attackers to execute arbitrary SQL commands via the sid parameter.
CVE-2009-2350 EXPLOITDB text WRITEUP
Microsoft Internet Explorer 6.0.2900.2180 - XSS
Microsoft Internet Explorer 6.0.2900.2180 and earlier does not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the content of a Refresh header, a related issue to CVE-2009-1312.
EIP-2026-115725 EXPLOITDB html WORKING POC
Microsoft Internet Explorer 8 - CSS 'expression' Remote Denial of Service
CVE-2012-6550 EXPLOITDB text WORKING POC
ZeroClipboard < 1.1.4 - Cross-Site Scripting via Flash Object clipText
Cross-site scripting (XSS) vulnerability in ZeroClipboard before 1.1.4 allows remote attackers to inject arbitrary web script or HTML via "the clipText returned from the flash object," a different vulnerability than CVE-2013-1808.
CVE-2009-4168 EXPLOITDB text WORKING POC
WP-Cumulus < 1.23 - Cross-Site Scripting via Tagcloud Parameter
Cross-site scripting (XSS) vulnerability in Roy Tanck tagcloud.swf, as used in the WP-Cumulus plugin before 1.23 for WordPress and the Joomulus module 2.0 and earlier for Joomla!, allows remote attackers to inject arbitrary web script or HTML via the tagcloud parameter in a tags action. Cross-site scripting (XSS) vulnerability in tagcloud.swf in the WP-Cumulus Plug-in before 1.23 for WordPress allows remote attackers to inject arbitrary web script or HTML via the tagcloud parameter.
EIP-2026-114338 EXPLOITDB text WRITEUP
WordPress Theme Live Wire 2.3.1 - Multiple Vulnerabilities
EIP-2026-114015 EXPLOITDB text WRITEUP
WordPress Plugin RokMicroNews - 'thumb.php' Multiple Vulnerabilities
EIP-2026-114017 EXPLOITDB text WRITEUP
WordPress Plugin RokStories - 'thumb.php' Multiple Vulnerabilities
EIP-2026-114196 EXPLOITDB html WORKING POC
WordPress Plugin Wordfence Security - Cross-Site Scripting
EIP-2026-114328 EXPLOITDB text WORKING POC
WordPress Theme flashnews - Multiple Input Validation Vulnerabilities
EIP-2026-114014 EXPLOITDB text WRITEUP
WordPress Plugin RokIntroScroller - 'thumb.php' Multiple Vulnerabilities
EIP-2026-114013 EXPLOITDB text WRITEUP
WordPress Plugin RokBox Plugin - '/wp-content/plugins/wp_rokbox/jwplayer/jwplayer.swf?abouttext' Cross-Site Scripting
EIP-2026-114016 EXPLOITDB text WRITEUP
WordPress Plugin RokNewsPager - 'thumb.php' Multiple Vulnerabilities
EIP-2026-114090 EXPLOITDB text WORKING POC
WordPress Plugin Subscribe to Comments 2.0 - Multiple Cross-Site Scripting Vulnerabilities
EIP-2026-114124 EXPLOITDB text WORKING POC
WordPress Plugin Trashbin 0.1 - 'mtb_undelete' Cross-Site Scripting
CVE-2009-4170 EXPLOITDB text WRITEUP
WP-Cumulus Plug-in <1.20 - Info Disclosure
WP-Cumulus Plug-in 1.20 for WordPress, and possibly other versions, allows remote attackers to obtain sensitive information via a crafted request to wp-cumulus.php, probably without parameters, which reveals the installation path in an error message.
CVE-2012-2941 EXPLOITDB text WORKING POC
Yandex.Server 2010 9.0 Enterprise - XSS
Cross-site scripting (XSS) vulnerability in search/ in Yandex.Server 2010 9.0 Enterprise allows remote attackers to inject arbitrary web script or HTML via the text parameter.
EIP-2026-114314 EXPLOITDB text WRITEUP
WordPress Theme Colormix - Multiple Vulnerabilities
EIP-2026-114258 EXPLOITDB text WRITEUP
WordPress Plugin WP-phpList 2.10.2 - 'unsubscribeemail' Cross-Site Scripting
EIP-2026-114353 EXPLOITDB text WRITEUP
WordPress Theme The Gazette Edition 2.9.4 - Multiple Vulnerabilities
EIP-2026-113750 EXPLOITDB text WORKING POC
WordPress Plugin Firestats 1.0.2 - Multiple Cross-Site Scripting / Authentication Bypass Vulnerabilities (1)
CVE-2014-9094 EXPLOITDB text WORKING POC
Digital Zoom Studio Video Gallery - Cross-Site Scripting via swfloc or designrand Parameter
Multiple cross-site scripting (XSS) vulnerabilities in deploy/designer/preview.php in the Digital Zoom Studio (DZS) Video Gallery plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) swfloc or (2) designrand parameter.
EIP-2026-113776 EXPLOITDB html WORKING POC
WordPress Plugin Fuctweb CapCC 1.0 CAPTCHA - Security Bypass
CVE-2013-7233 EXPLOITDB text WRITEUP
WordPress < 2.0.11 - Cross-Site Request Forgery via Retrospam Component
Cross-site request forgery (CSRF) vulnerability in the retrospam component in wp-admin/options-discussion.php in WordPress 2.0.11 and earlier allows remote attackers to hijack the authentication of administrators for requests that move comments to the moderation list.