MustLive

110 exploits Active since Dec 2005
EIP-2026-113788 EXPLOITDB text WRITEUP
WordPress Plugin Gigya Socialize 1.0/1.1.x - Cross-Site Scripting
EIP-2026-113944 EXPLOITDB text WRITEUP
WordPress Plugin ORGanizer - Multiple Vulnerabilities
EIP-2026-113751 EXPLOITDB html WORKING POC
WordPress Plugin Firestats 1.0.2 - Multiple Cross-Site Scripting / Authentication Bypass Vulnerabilities (2)
EIP-2026-113775 EXPLOITDB html WORKING POC
WordPress Plugin Fuctweb CapCC 1.0 - 'plugins.php' SQL Injection
CVE-2014-9094 EXPLOITDB text WORKING POC
Digital Zoom Studio Video Gallery - Cross-Site Scripting via swfloc or designrand Parameter
Multiple cross-site scripting (XSS) vulnerabilities in deploy/designer/preview.php in the Digital Zoom Studio (DZS) Video Gallery plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) swfloc or (2) designrand parameter.
EIP-2026-113776 EXPLOITDB html WORKING POC
WordPress Plugin Fuctweb CapCC 1.0 CAPTCHA - Security Bypass
CVE-2010-4867 EXPLOITDB text WRITEUP
W-Agora < 4.2.1 - Path Traversal via Search Parameter
Directory traversal vulnerability in search.php3 (aka search.php) in W-Agora 4.2.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the bn parameter.
EIP-2026-113162 EXPLOITDB text WRITEUP
W-Agora 4.1.5 - Local File Inclusion / Cross-Site Scripting
CVE-2010-4868 EXPLOITDB text WRITEUP
W-Agora < 4.2.1 - Cross-Site Scripting via search.php3 bn Parameter
Cross-site scripting (XSS) vulnerability in search.php3 (aka search.php) in W-Agora 4.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the bn parameter.
CVE-2012-1787 EXPLOITDB text WORKING POC
Webglimpse < 2.20.0 - Cross-Site Scripting via URL FILE or DOMAIN Parameters
Multiple cross-site scripting (XSS) vulnerabilities in wgarcmin.cgi in Webglimpse 2.20.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) URL, (2) FILE, or (3) DOMAIN parameters.
EIP-2026-112703 EXPLOITDB text SUSPICIOUS
TinyBrowser - 'edit.php' Directory Listing
EIP-2026-112704 EXPLOITDB text SUSPICIOUS
TinyBrowser - 'tinybrowser.php' Directory Listing
EIP-2026-112705 EXPLOITDB text WORKING POC
tinybrowser - 'type' Cross-Site Scripting
EIP-2026-112061 EXPLOITDB text WORKING POC
SimpGB 1.49.2 - 'Guestbook.php' Multiple Cross-Site Scripting Vulnerabilities
CVE-2010-2858 EXPLOITDB text WORKING POC
SimpNews < 2.47.03 - Cross-Site Scripting via Layout and Sortorder Parameters
Multiple cross-site scripting (XSS) vulnerabilities in news.php in SimpNews 2.47.03 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) layout and (2) sortorder parameters.
EIP-2026-112512 EXPLOITDB text WORKING POC
SWFupload - Multiple Content Spoofing / Cross-Site Scripting Vulnerabilities
EIP-2026-111796 EXPLOITDB text WRITEUP
Rotabanner Local 2/3 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities
EIP-2026-111632 EXPLOITDB html WORKING POC
Question2Answer - Cross-Site Request Forgery
CVE-2008-2562 EXPLOITDB text WORKING POC
PowerPhlogger < 2.2.5 - Authenticated SQL Injection via css_str Parameter
SQL injection vulnerability in edCss.php in PowerPhlogger 2.2.5 and earlier allows remote authenticated users to execute arbitrary SQL commands via the css_str parameter in an edit action.
CVE-2009-4253 EXPLOITDB text WRITEUP
PowerPhlogger 2.2.5 - XSS
Cross-site scripting (XSS) vulnerability in dspStats.php in PowerPhlogger 2.2.5 allows remote attackers to inject arbitrary web script or HTML via the edit parameter.
EIP-2026-111255 EXPLOITDB text WRITEUP
PHPXref 0.7 - 'nav.html' Cross-Site Scripting
CVE-2008-0207 EXPLOITDB text WORKING POC
PRO-Search < 0.17 - Cross-Site Scripting via Multiple URI Parameters
Multiple cross-site scripting (XSS) vulnerabilities in PRO-Search 0.17 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) prot, (2) host, (3) path, (4) name, (5) ext, (6) size, (7) search_days, or (8) show_page parameter to the default URI.
CVE-2010-4836 EXPLOITDB text WRITEUP
phpshop < 2.1 - Cross-Site Scripting via register.html name_new Parameter
Cross-site scripting (XSS) vulnerability in register.html in PHPShop 2.1 EE and earlier allows remote attackers to inject arbitrary web script or HTML via the name_new parameter.
EIP-2026-109979 EXPLOITDB html WORKING POC
Nucleus CMS 3.0.1 - 'myid' SQL Injection
CVE-2007-5429 EXPLOITDB text WRITEUP
Nucleus CMS 3.01 - Cross-Site Scripting via Archive Parameter
Cross-site scripting (XSS) vulnerability in index.php in Nucleus 3.01 allows remote attackers to inject arbitrary web script or HTML via the archive parameter.