Vulnerability-Lab

336 exploits, active since Jan 2008
EIP-2026-116529 EXPLOITDB text WRITEUP
WebDrive 12.2 (B4172) - Buffer Overflow (PoC)
EIP-2026-116431 EXPLOITDB text WRITEUP
Trend Micro DirectPass 1.5.0.1060 - Multiple Software Vulnerabilities
CVE-2018-5282 EXPLOITDB HIGH text WORKING POC
Kentico 9.0-11.0 - Buffer Overflow
Kentico 9.0 through 11.0 has a stack-based buffer overflow via the SqlName, SqlPswd, Database, UserName, or Password field in a SilentInstall XML document. NOTE: the vendor disputes this issue because neither a buffer overflow nor a crash can be reproduced; also, reading XML documents is implemented exclusively with managed code within the Microsoft .NET Framework.
CVSS 7.8
EIP-2026-115007 EXPLOITDB text WORKING POC
Boxoft Wav 1.0 - Buffer Overflow
EIP-2026-114902 EXPLOITDB text WRITEUP
AnvSoft Any Video Converter 4.3.6 - Multiple Buffer Overflows
EIP-2026-115013 EXPLOITDB text WORKING POC
BulletProof FTP Client 2010 - Buffer Overflow (PoC)
EIP-2026-114627 EXPLOITDB text WRITEUP
Zikula CMS 1.3.5 - Multiple Vulnerabilities
CVE-2016-6186 EXPLOITDB MEDIUM text WRITEUP
Django <1.8.14, <1.9.x, <1.10rc1 - XSS
Cross-site scripting (XSS) vulnerability in the dismissChangeRelatedObjectPopup function in contrib/admin/static/admin/js/admin/RelatedObjectLookups.js in Django before 1.8.14, 1.9.x before 1.9.8, and 1.10.x before 1.10rc1 allows remote attackers to inject arbitrary web script or HTML via vectors involving unsafe usage of Element.innerHTML.
CVSS 6.1
EIP-2026-114411 EXPLOITDB text WRITEUP
Xavier 2.4 - SQL Injection
EIP-2026-113556 EXPLOITDB text WORKING POC
WordPress Plugin All In One WP Security & Firewall 3.8.3 - Persistent Cross-Site Scripting
EIP-2026-113609 EXPLOITDB text WORKING POC
WordPress Plugin Buddypress 6.2.0 - Persistent Cross-Site Scripting
CVE-2013-5962 EXPLOITDB text WORKING POC
Envato Complete Gallery Manager Plugin - Unrestricted File Upload
Unrestricted file upload vulnerability in frames/upload-images.php in the Complete Gallery Manager plugin before 3.3.4 rev40279 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/[year]/[month]/.
EIP-2026-113810 EXPLOITDB text WRITEUP
WordPress Plugin Hotel Listing 3 - 'Multiple' Cross-Site Scripting (XSS)
EIP-2026-113312 EXPLOITDB text WORKING POC
Webile v1.0.1 - Multiple Cross Site Scripting
EIP-2026-113159 EXPLOITDB text WRITEUP
VTiger v7.0 CRM - 'To' Persistent XSS
CVE-2012-2909 EXPLOITDB text WORKING POC
Viscacha 0.8.1.1 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Viscacha 0.8.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) text field in the Private Messages System, (2) Bad Word field in Zensur, or (3) Portal or (4) Topic field in Kommentar.
EIP-2026-112956 EXPLOITDB text WORKING POC
Vanguard 2.1 - 'Search' Cross-Site Scripting (XSS)
EIP-2026-113141 EXPLOITDB text WRITEUP
vOlk Botnet Framework 4.0 - Multiple Vulnerabilities
EIP-2026-112952 EXPLOITDB text WRITEUP
VamCart CMS 0.9 - Multiple Vulnerabilities
CVE-2012-4281 EXPLOITDB text WORKING POC
Itechscripts Travelon Express - SQL Injection
Multiple SQL injection vulnerabilities in Travelon Express 6.2.2 allow remote attackers to execute arbitrary SQL commands via the hid parameter to (1) holiday.php or (2) holiday_book.php, (3) id parameter to pages.php, (4) fid parameter to admin/airline-edit.php, or (5) cid parameter to admin/customer-edit.php.
EIP-2026-112847 EXPLOITDB text WORKING POC
uBidAuction v2.0.1 - 'Multiple' Cross Site Scripting (XSS)
EIP-2026-112885 EXPLOITDB text WORKING POC
Ultimate POS 4.4 - 'name' Cross-Site Scripting (XSS)
EIP-2026-112852 EXPLOITDB text WRITEUP
uDoctorAppointment v2.1.1 - 'Multiple' Cross Site Scripting (XSS)
EIP-2026-112557 EXPLOITDB text WRITEUP
TAO Open Source Assessment Platform 3.3.0 RC02 - HTML Injection
EIP-2026-112697 EXPLOITDB text WRITEUP
Tine 2.0 - Maischa Multiple Cross-Site Scripting Vulnerabilities