Vulnerability-Lab

343 exploits, active since Jan 2008
EIP-2026-113159 EXPLOITDB text WRITEUP
VTiger v7.0 CRM - 'To' Persistent XSS
EIP-2026-113312 EXPLOITDB text WORKING POC
Webile v1.0.1 - Multiple Cross Site Scripting
EIP-2026-112956 EXPLOITDB text WORKING POC
Vanguard 2.1 - 'Search' Cross-Site Scripting (XSS)
EIP-2026-112885 EXPLOITDB text WORKING POC
Ultimate POS 4.4 - 'name' Cross-Site Scripting (XSS)
CVE-2012-4281 EXPLOITDB text WORKING POC
Travelon Express 6.2.2 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in Travelon Express 6.2.2 allow remote attackers to execute arbitrary SQL commands via the hid parameter to (1) holiday.php or (2) holiday_book.php, the (3) id parameter to pages.php, the (4) fid parameter to admin/airline-edit.php, or the (5) cid parameter to admin/customer-edit.php.
EIP-2026-112557 EXPLOITDB text WRITEUP
TAO Open Source Assessment Platform 3.3.0 RC02 - HTML Injection
EIP-2026-112697 EXPLOITDB text WRITEUP
Tine 2.0 - Maischa Multiple Cross-Site Scripting Vulnerabilities
EIP-2026-112852 EXPLOITDB text WRITEUP
uDoctorAppointment v2.1.1 - 'Multiple' Cross Site Scripting (XSS)
EIP-2026-112516 EXPLOITDB text WRITEUP
Swoopo Gold Shop CMS 8.4.56 - Multiple Web Vulnerabilities
EIP-2026-112472 EXPLOITDB text WORKING POC
SugarCRM 6.5.18 - Persistent Cross-Site Scripting
EIP-2026-112154 EXPLOITDB text WORKING POC
Simplephpscripts Simple CMS 2.1 - 'Multiple' Stored Cross-Site Scripting (XSS)
EIP-2026-112153 EXPLOITDB text WRITEUP
Simplephpscripts Simple CMS 2.1 - 'Multiple' SQL Injection
EIP-2026-112289 EXPLOITDB text WRITEUP
Social Engine 4.2.5 - Multiple Vulnerabilities
EIP-2026-112407 EXPLOITDB text WRITEUP
Squirrelcart Cart Shop 3.3.4 - Multiple Web Vulnerabilities
CVE-2011-5150 EXPLOITDB text WRITEUP
SpamTitan < 5.07 - Cross-Site Scripting via setup-network.php Parameters
Multiple cross-site scripting (XSS) vulnerabilities in SpamTitan 5.07 and possibly earlier allow remote attackers or authenticated users to inject arbitrary web script or HTML via the (1) ipaddress or (2) domain parameter to setup-network.php, different vectors than CVE-2011-5149. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
EIP-2026-112466 EXPLOITDB text WRITEUP
Subrion CMS 4.0.5 - SQL Injection
EIP-2026-112367 EXPLOITDB text WRITEUP
SpamTitan Application 5.08x - SQL Injection
EIP-2026-111970 EXPLOITDB text WRITEUP
SeedDMS 5.1.18 - Persistent Cross-Site Scripting
EIP-2026-111983 EXPLOITDB text WRITEUP
Sentrifugo CMS 3.2 - Persistent Cross-Site Scripting
CVE-2010-4980 EXPLOITDB text WRITEUP
iScripts ReserveLogic 1.0 - SQL Injection
SQL injection vulnerability in packagedetails.php in iScripts ReserveLogic 1.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter.
EIP-2026-111938 EXPLOITDB text WRITEUP
Schoolhos CMS 2.29 - 'kelas' SQL Injection
EIP-2026-111542 EXPLOITDB text WRITEUP
ProjectSend r754 - Insecure Direct Object Reference
CVE-2012-4266 EXPLOITDB text WRITEUP
Proman Xpress 5.0.1 - Cross-Site Scripting via cl_comments Parameter
Cross-site scripting (XSS) vulnerability in client_details.php in Proman Xpress 5.0.1 allows remote attackers to inject arbitrary web script or HTML via the cl_comments parameter. NOTE: some of these details are obtained from third party information.
EIP-2026-111022 EXPLOITDB text WRITEUP
PHPCollab CMS 2.5 - 'emailusers.php' SQL Injection
EIP-2026-111093 EXPLOITDB text WORKING POC
PHPJabbers Simple CMS 5 - 'name' Persistent Cross-Site Scripting (XSS)