Vulnerability-Lab

336 exploits Active since Jan 2008
CVE-2012-2908 EXPLOITDB text WORKING POC
Viscacha 0.8.1.1 - SQL Injection
Multiple SQL injection vulnerabilities in admin/bbcodes.php in Viscacha 0.8.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) bbcodeexample, (2) buttonimage, or (3) bbcodetag parameter.
CVE-2011-5228 EXPLOITDB text WRITEUP
Apprain - XSS
Cross-site scripting (XSS) vulnerability in the Search module (quickstart/search) in appRain CMF 0.1.5 allows remote attackers to inject arbitrary web script or HTML via the ss parameter.
CVE-2011-5149 EXPLOITDB text WRITEUP
Spamtitan < 5.08 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in SpamTitan 5.08 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) testaddr or (2) testpass parameter to auth-settings.php; (3) hostname, (4) domainname, or (5) mailserver parameter to setup-relay.php; or (6) subnetmask or (7) defaultroute parameter to setup-network.php.
EIP-2026-119391 EXPLOITDB text WRITEUP
MailOrderWorks 5.907 - Multiple Vulnerabilities
EIP-2026-119434 EXPLOITDB text WRITEUP
SonicWALL OEM Scrutinizer 9.5.2 - Multiple Vulnerabilities
EIP-2026-119435 EXPLOITDB text WRITEUP
SonicWALL Scrutinizer 9.5.2 - SQL Injection
CVE-2019-14422 EXPLOITDB HIGH text WORKING POC
TortoiseSVN 1.12.1 - RCE
An issue was discovered in TortoiseSVN 1.12.1. The Tsvncmd: URI handler allows a customised diff operation on Excel workbooks, which could be used to open remote workbooks without protection from macro security settings to execute arbitrary code. A tsvncmd:command:diff?path:[file1]?path2:[file2] URI will execute a customised diff on [file1] and [file2] based on the file extension. For xls files, it will execute the script diff-xls.js using wscript, which will open the two files for analysis without any macro security warning. An attacker can exploit this by putting a macro virus in a network drive, and force the victim to open the workbooks and execute the macro inside.
CVSS 8.8
EIP-2026-119399 EXPLOITDB text WRITEUP
ManageEngine ServiceDesk 8.0 - Multiple Vulnerabilities
CVE-2016-7851 EXPLOITDB MEDIUM text WRITEUP
Adobe Connect < 9.5.6 - XSS
Adobe Connect version 9.5.6 and earlier does not adequately validate input in the events registration module. This vulnerability could be exploited in cross-site scripting attacks.
CVSS 6.1
EIP-2026-119359 EXPLOITDB text WRITEUP
Dell PacketTrap PSA 7.1 - Multiple Cross-Site Scripting Vulnerabilities
CVE-2013-3179 EXPLOITDB text WRITEUP
Microsoft SharePoint Server - XSS
Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted request, aka "SharePoint XSS Vulnerability."
EIP-2026-119433 EXPLOITDB text WRITEUP
SonicWALL email security 7.3.5 - Multiple Vulnerabilities
EIP-2026-119397 EXPLOITDB text WRITEUP
ManageEngine OpStor 7.4 - Multiple Vulnerabilities
EIP-2026-119358 EXPLOITDB text WRITEUP
Dell PacketTrap MSP RMM 6.6.x - Multiple Cross-Site Scripting Vulnerabilities
EIP-2026-119127 EXPLOITDB text WRITEUP
ServersCheck Monitoring Software 8.8.x - Multiple Vulnerabilities
EIP-2026-118721 EXPLOITDB text WRITEUP
LAN.FS Messenger 2.4 - Command Execution
CVE-2012-4992 EXPLOITDB text WRITEUP
FlashFXP 4.2 - RCE
Multiple buffer overflows in FlashFXP.exe in FlashFXP 4.2 allow remote authenticated users to execute arbitrary code via a long unicode string to (1) TListbox or (2) TComboBox.
EIP-2026-118660 EXPLOITDB text WORKING POC
Huawei HedEx Lite 200R006C00SPC005 - Path Traversal
EIP-2026-117918 EXPLOITDB text WORKING POC
Socusoft Photo 2 Video 8.05 - Local Buffer Overflow
EIP-2026-116892 EXPLOITDB text WORKING POC
Bitsmith PS Knowbase 3.2.3 - Local Buffer Overflow
EIP-2026-116910 EXPLOITDB text WORKING POC
Blueberry Express 5.9.0.3678 - Local Buffer Overflow (SEH)
EIP-2026-117337 EXPLOITDB text WORKING POC
Internet Download Manager 6.37.11.1 - Stack Buffer Overflow (PoC)
EIP-2026-116532 EXPLOITDB text WORKING POC
Wickr Desktop 2.2.1 Windows - Denial of Service
EIP-2026-116529 EXPLOITDB text WRITEUP
WebDrive 12.2 (B4172) - Buffer Overflow (PoC)
EIP-2026-116664 EXPLOITDB text WORKING POC
Zoner Photo Studio 15 b3 - Buffer Overflow (PoC)