Vulnerability Laboratory

23 exploits, active since Sep 2012
CVE-2020-37087 EXPLOITDB MEDIUM text WORKING POC
Easy Transfer Wifi Transfer v1.7 - XSS
Easy Transfer Wifi Transfer v1.7 for iOS contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious scripts by manipulating the oldPath, newPath, and path parameters in Create Folder and Move/Edit functions. Attackers can exploit improper input validation via POST requests to execute arbitrary JavaScript in the context of the mobile web application.
CVE-2020-37086 EXPLOITDB MEDIUM text WORKING POC
Easy Transfer 1.7 iOS - Path Traversal
Easy Transfer 1.7 iOS mobile application contains a directory traversal vulnerability that allows remote attackers to access unauthorized file system paths without authentication. Attackers can exploit the vulnerability by manipulating path parameters in GET and POST requests to list or download sensitive system files and inject malicious scripts into application parameters.
CVSS 6.2
CVE-2020-37081 EXPLOITDB HIGH text WORKING POC
Fishing Reservation System 7.5 - SQL Injection
Fishing Reservation System 7.5 contains multiple remote SQL injection vulnerabilities in admin.php, cart.php, and calendar.php that allow attackers to inject malicious SQL commands. Attackers can exploit vulnerable parameters like uid, pid, type, m, y, and code to compromise the database management system and web application without user interaction.
CVSS 7.1
EIP-2026-116529 EXPLOITDB text WRITEUP
WebDrive 12.2 (B4172) - Buffer Overflow (PoC)
EIP-2026-112557 EXPLOITDB text WRITEUP
TAO Open Source Assessment Platform 3.3.0 RC02 - HTML Injection
EIP-2026-111970 EXPLOITDB text WRITEUP
SeedDMS 5.1.18 - Persistent Cross-Site Scripting
EIP-2026-110033 EXPLOITDB text WORKING POC
Omnistar Mailer - Multiple SQL Injections / HTML Injection Vulnerabilities
EIP-2026-109236 EXPLOITDB text WRITEUP
Macs Framework 1.14f CMS - Persistent Cross-Site Scripting
EIP-2026-108923 EXPLOITDB text WORKING POC
Jorjweb - 'id' SQL Injection
EIP-2026-107188 EXPLOITDB text WORKING POC
Fork CMS 5.8.0 - Persistent Cross-Site Scripting
CVE-2012-4877 EXPLOITDB html WORKING POC
FlatnuX CMS <2011 08.09.2 - CSRF
Cross-site request forgery (CSRF) vulnerability in controlcenter.php in FlatnuX CMS 2011 08.09.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that add user accounts.
CVE-2012-4878 EXPLOITDB text WRITEUP
FlatnuX CMS 2011 08.09.2 - Path Traversal
Absolute path traversal vulnerability in controlcenter.php in FlatnuX CMS 2011 08.09.2 allows remote administrators to read arbitrary files via a full pathname in the dir parameter in a contents/Files action.
EIP-2026-106399 EXPLOITDB text WORKING POC
DedeCMS 7.5 SP2 - Persistent Cross-Site Scripting
EIP-2026-103295 EXPLOITDB text WORKING POC
Mahara 19.10.2 CMS - Persistent Cross-Site Scripting
EIP-2026-102297 EXPLOITDB text WORKING POC
Super Backup 2.0.5 for iOS - Directory Traversal
EIP-2026-102295 EXPLOITDB text WORKING POC
Sky File 2.1.0 iOS - Directory Traversal
EIP-2026-102285 EXPLOITDB text WRITEUP
Playable 9.18 iOS - Persistent Cross-Site Scripting
EIP-2026-102279 EXPLOITDB text WRITEUP
Photorange 1.0 iOS - Local File Inclusion
EIP-2026-102245 EXPLOITDB text WORKING POC
HardDrive 2.1 for iOS - Arbitrary File Upload
EIP-2026-102233 EXPLOITDB text WORKING POC
File Transfer iFamily 2.1 - Directory Traversal
EIP-2026-102213 EXPLOITDB text WRITEUP
AirDisk Pro 5.5.3 for iOS - Persistent Cross-Site Scripting
EIP-2026-102298 EXPLOITDB text WRITEUP
SuperBackup 2.0.5 for iOS - Persistent Cross-Site Scripting
EIP-2026-101675 EXPLOITDB text WORKING POC
Draytek VigorAP 1000C - Persistent Cross-Site Scripting