Vulnerability-Lab

336 exploits; active since Jan 2008
EIP-2026-110528 EXPLOITDB text WRITEUP
pdirl PHP Directory Listing 1.0.4 - Cross-Site Scripting
EIP-2026-110728 EXPLOITDB text WORKING POC
PHP Melody 3.0 - 'vid' SQL Injection
EIP-2026-110494 EXPLOITDB text WORKING POC
PaulPrinting CMS - (Search Delivery) Cross Site Scripting
EIP-2026-110502 EXPLOITDB text WORKING POC
Payment Terminal 3.1 - 'Multiple' Cross-Site Scripting (XSS)
EIP-2026-110459 EXPLOITDB text WORKING POC
Pandora FMS 5.1 SP1 - SQL Injection
CVE-2012-1059 EXPLOITDB text WRITEUP
OSCommerce Online Merchant 3.0.2 - XSS
Cross-site scripting (XSS) vulnerability in osCommerce/OM/Core/Site/Shop/Application/Cart/pages/main.php in OSCommerce Online Merchant 3.0.2 allows remote attackers to inject arbitrary web script or HTML via the value_title parameter, as demonstrated using the "Front" field in the shirt module.
EIP-2026-110334 EXPLOITDB text WRITEUP
Opial CMS 2.0 - Multiple Vulnerabilities
CVE-2013-6794 EXPLOITDB text WRITEUP
Olat - XSS
Cross-site scripting (XSS) vulnerability in the Calendar module in Olat 7.8.0.1 (b20130821 N1) allows remote attackers to inject arbitrary web script or HTML via the Location field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
EIP-2026-109987 EXPLOITDB text WORKING POC
Nuked Klan SP CMS 4.5 - SQL Injection
EIP-2026-110031 EXPLOITDB text WORKING POC
Omnistar Document Manager 8.0 - Multiple Vulnerabilities
EIP-2026-110035 EXPLOITDB text WORKING POC
Omnistar Mailer 7.2 - Multiple Vulnerabilities
EIP-2026-110208 EXPLOITDB text WRITEUP
Onpub CMS 1.4/1.5 - Multiple SQL Injections
EIP-2026-109857 EXPLOITDB text WRITEUP
NeoBill CMS 0.8 Alpha - Multiple Vulnerabilities
CVE-2012-4258 EXPLOITDB text WORKING POC
Myrephp Myre Real Estate Software - SQL Injection
Multiple SQL injection vulnerabilities in MYRE Real Estate Software (2012 Q2) allow remote attackers to execute arbitrary SQL commands via the (1) link_idd parameter to 1_mobile/listings.php or (2) userid parameter to 1_mobile/agentprofile.php.
EIP-2026-109909 EXPLOITDB text WRITEUP
News Script PHP 1.2 - Multiple Vulnerabilities
CVE-2012-4262 EXPLOITDB text WRITEUP
Hccgmbh Mycare2x - XSS
Multiple cross-site scripting (XSS) vulnerabilities in myCare2x allow remote attackers to inject arbitrary web script or HTML via the (1) name_last, (2) name_first, (3) name_middle, or (4) name_maiden parameter to modules/patient/mycare_pid.php; (5) favorites or (6) lang parameter to modules/nursing/mycare_ward_print.php; (7) aktion or (8) callurl parameter to modules/patient/mycare2x_pat_info.php; or (9) ln parameter to modules/drg/mycare2x_proc_search.php.
EIP-2026-109622 EXPLOITDB text WORKING POC
Mult-e-Cart Ultimate 2.4 - 'id' SQL Injection
CVE-2012-3840 EXPLOITDB text WRITEUP
Myclientbase - XSS
Multiple cross-site scripting (XSS) vulnerabilities in index.php/users/form/user_id in MyClientBase 0.12 allow remote attackers to inject arbitrary web script or HTML via the (1) first_name or (2) last_name parameters.
EIP-2026-109312 EXPLOITDB text WRITEUP
Mangallam CMS - SQL Injection
EIP-2026-109236 EXPLOITDB text WRITEUP
Macs Framework 1.14f CMS - Persistent Cross-Site Scripting
CVE-2008-0474 EXPLOITDB text WRITEUP
Manageengine Applications Manager - XSS
Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Applications Manager 8.1 build 8100 allow remote attackers to inject arbitrary web script or HTML via the (1) showlink parameter to jsp/DiscoveryProfiles.jsp; the (2) attributeIDs, (3) attributeToSelect, (4) redirectto, and (5) resourceid parameters to (a) jsp/ThresholdActionConfiguration.jsp; the (6) page and (7) redirect parameters to (b) jsp/UpdateGlobalSettings.jsp; and the (8) haid and (9) returnpath parameters to (c) showTile.do. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
EIP-2026-109311 EXPLOITDB text WRITEUP
ManageEngine Mobile Application Manager 10 - SQL Injection
EIP-2026-109035 EXPLOITDB text WRITEUP
Kohana Framework 2.3.3 - Directory Traversal
CVE-2012-5900 EXPLOITDB text WRITEUP
Samedia Landshop - SQL Injection
Multiple SQL injection vulnerabilities in SAMEDIA LandShop 0.9.2 allow remote attackers to execute arbitrary SQL commands via the (1) OB_ID parameter in a single action to admin/action/objects.php, (2) AREA_ID parameter in a single action to admin/action/areas.php, or (3) start parameter in a show action to admin/action/pdf.php.