Vulnerability-Lab

343 exploits Active since Jan 2008
EIP-2026-111118 EXPLOITDB text WRITEUP
phpList 3.0.6/3.0.10 - SQL Injection
EIP-2026-110729 EXPLOITDB text WORKING POC
PHP Melody 3.0 - Persistent Cross-Site Scripting (XSS)
EIP-2026-110512 EXPLOITDB text WRITEUP
PBBoard CMS 2.1.4 - Multiple Vulnerabilities
EIP-2026-110567 EXPLOITDB text WORKING POC
PG Dating Pro CMS 1.0 - Multiple Vulnerabilities
EIP-2026-110494 EXPLOITDB text WORKING POC
PaulPrinting CMS - (Search Delivery) Cross Site Scripting
EIP-2026-110459 EXPLOITDB text WORKING POC
Pandora FMS 5.1 SP1 - SQL Injection
EIP-2026-110495 EXPLOITDB text WRITEUP
PaulPrinting CMS - Multiple Cross Site Web Vulnerabilities
EIP-2026-110528 EXPLOITDB text WRITEUP
pdirl PHP Directory Listing 1.0.4 - Cross-Site Scripting
EIP-2026-110727 EXPLOITDB text WORKING POC
PHP Melody 3.0 - 'Multiple' Cross-Site Scripting (XSS)
EIP-2026-110728 EXPLOITDB text WORKING POC
PHP Melody 3.0 - 'vid' SQL Injection
EIP-2026-110502 EXPLOITDB text WORKING POC
Payment Terminal 3.1 - 'Multiple' Cross-Site Scripting (XSS)
EIP-2026-110456 EXPLOITDB text WRITEUP
Pandora Fms 4.0.1 - Local File Inclusion
CVE-2012-1059 EXPLOITDB text WRITEUP
OSCommerce Online Merchant 3.0.2 - XSS
Cross-site scripting (XSS) vulnerability in osCommerce/OM/Core/Site/Shop/Application/Cart/pages/main.php in OSCommerce Online Merchant 3.0.2 allows remote attackers to inject arbitrary web script or HTML via the value_title parameter, as demonstrated using the "Front" field in the shirt module.
EIP-2026-110334 EXPLOITDB text WRITEUP
Opial CMS 2.0 - Multiple Vulnerabilities
CVE-2013-6794 EXPLOITDB text WRITEUP
Olat 7.8.0.1 - Cross-Site Scripting via Calendar Location Field
Cross-site scripting (XSS) vulnerability in the Calendar module in Olat 7.8.0.1 (b20130821 N1) allows remote attackers to inject arbitrary web script or HTML via the Location field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
EIP-2026-109987 EXPLOITDB text WORKING POC
Nuked Klan SP CMS 4.5 - SQL Injection
EIP-2026-110031 EXPLOITDB text WORKING POC
Omnistar Document Manager 8.0 - Multiple Vulnerabilities
EIP-2026-110035 EXPLOITDB text WORKING POC
Omnistar Mailer 7.2 - Multiple Vulnerabilities
EIP-2026-110208 EXPLOITDB text WRITEUP
Onpub CMS 1.4/1.5 - Multiple SQL Injections
EIP-2026-109857 EXPLOITDB text WRITEUP
NeoBill CMS 0.8 Alpha - Multiple Vulnerabilities
CVE-2012-4258 EXPLOITDB text WORKING POC
MYRE Real Estate Software 2012 Q2 - SQL Injection via link_idd or userid Parameter
Multiple SQL injection vulnerabilities in MYRE Real Estate Software (2012 Q2) allow remote attackers to execute arbitrary SQL commands via the (1) link_idd parameter to 1_mobile/listings.php or (2) userid parameter to 1_mobile/agentprofile.php.
EIP-2026-109909 EXPLOITDB text WRITEUP
News Script PHP 1.2 - Multiple Vulnerabilities
CVE-2012-4262 EXPLOITDB text WRITEUP
myCare2x - Stored Cross-Site Scripting via Multiple Input Parameters
Multiple cross-site scripting (XSS) vulnerabilities in myCare2x allow remote attackers to inject arbitrary web script or HTML via the (1) name_last, (2) name_first, (3) name_middle, or (4) name_maiden parameter to modules/patient/mycare_pid.php; (5) favorites or (6) lang parameter to modules/nursing/mycare_ward_print.php; (7) aktion or (8) callurl parameter to modules/patient/mycare2x_pat_info.php; or (9) ln parameter to modules/drg/mycare2x_proc_search.php.
EIP-2026-109622 EXPLOITDB text WORKING POC
Mult-e-Cart Ultimate 2.4 - 'id' SQL Injection
CVE-2012-3840 EXPLOITDB text WRITEUP
MyClientBase 0.12 - Cross-Site Scripting via First Name or Last Name Parameter
Multiple cross-site scripting (XSS) vulnerabilities in index.php/users/form/user_id in MyClientBase 0.12 allow remote attackers to inject arbitrary web script or HTML via the (1) first_name or (2) last_name parameters.