Vulnerability-Lab

343 exploits, active since Jan 2008
CVE-2012-3840 EXPLOITDB text WRITEUP
MyClientBase 0.12 - Cross-Site Scripting via First Name or Last Name Parameter
Multiple cross-site scripting (XSS) vulnerabilities in index.php/users/form/user_id in MyClientBase 0.12 allow remote attackers to inject arbitrary web script or HTML via the (1) first_name or (2) last_name parameters.
EIP-2026-109311 EXPLOITDB text WRITEUP
ManageEngine Mobile Application Manager 10 - SQL Injection
CVE-2008-0474 EXPLOITDB text WRITEUP
ManageEngine Applications Manager 8.1 build 8100 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Applications Manager 8.1 build 8100 allow remote attackers to inject arbitrary web script or HTML via the (1) showlink parameter to jsp/DiscoveryProfiles.jsp; the (2) attributeIDs, (3) attributeToSelect, (4) redirectto, and (5) resourceid parameters to (a) jsp/ThresholdActionConfiguration.jsp; the (6) page and (7) redirect parameters to (b) jsp/UpdateGlobalSettings.jsp; and the (8) haid and (9) returnpath parameters to (c) showTile.do. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
EIP-2026-109312 EXPLOITDB text WRITEUP
Mangallam CMS - SQL Injection
EIP-2026-109236 EXPLOITDB text WRITEUP
Macs Framework 1.14f CMS - Persistent Cross-Site Scripting
CVE-2012-5900 EXPLOITDB text WRITEUP
SAMEDIA LandShop 0.9.2 - SQL Injection via OB_ID, AREA_ID, or start Parameter
Multiple SQL injection vulnerabilities in SAMEDIA LandShop 0.9.2 allow remote attackers to execute arbitrary SQL commands via the (1) OB_ID parameter in a single action to admin/action/objects.php, (2) AREA_ID parameter in a single action to admin/action/areas.php, or (3) start parameter in a show action to admin/action/pdf.php.
EIP-2026-109035 EXPLOITDB text WRITEUP
Kohana Framework 2.3.3 - Directory Traversal
EIP-2026-108130 EXPLOITDB text WRITEUP
Joomla Plugin Simple Image Gallery Extended (SIGE) 3.5.3 - Multiple Vulnerabilities
EIP-2026-108347 EXPLOITDB text WRITEUP
Joomla! Component com_fireboard - SQL Injection
EIP-2026-107958 EXPLOITDB text WRITEUP
iScripts EasyCreate 2.0 - Multiple Vulnerabilities
EIP-2026-107783 EXPLOITDB text WRITEUP
ILIAS eLearning CMS 4.3.4 < 4.4 - Persistent Cross-Site Scripting
EIP-2026-107753 EXPLOITDB text WRITEUP
iDev Rentals 1.0 - Multiple Vulnerabilities
EIP-2026-107859 EXPLOITDB text WRITEUP
Inout Mobile Webmail APP - Persistent Cross-Site Scripting
EIP-2026-107710 EXPLOITDB text WRITEUP
iBoutique eCommerce 4.0 - Multiple Web Vulnerabilities
EIP-2026-107704 EXPLOITDB text WRITEUP
iauto mobile Application 2012 - Multiple Vulnerabilities
EIP-2026-107382 EXPLOITDB text WRITEUP
GENU CMS 2012.3 - Multiple SQL Injections
EIP-2026-107379 EXPLOITDB text WRITEUP
Genium CMS 2012/Q2 - Multiple Vulnerabilities
EIP-2026-107517 EXPLOITDB text WRITEUP
GTX CMS 2013 Optima - SQL Injection
CVE-2012-4280 EXPLOITDB text WRITEUP
Free Realty 3.1-0.6 - Cross-Site Request Forgery in Agent Editor
Multiple cross-site request forgery (CSRF) vulnerabilities in admin/agenteditor.php in Free Realty 3.1-0.6 allow remote attackers to hijack the authentication of administrators for requests that (1) add an agent via an addagent action or (2) modify an agent.
EIP-2026-107188 EXPLOITDB text WORKING POC
Fork CMS 5.8.0 - Persistent Cross-Site Scripting
EIP-2026-107240 EXPLOITDB text WORKING POC
Freeside SelfService CGI/API 2.3.3 - Multiple Vulnerabilities
EIP-2026-107521 EXPLOITDB text WRITEUP
Guestbook Scripts PHP 1.5 - Multiple Vulnerabilities
CVE-2012-5919 EXPLOITDB text WRITEUP
Havalite CMS < 1.0.4 - Cross-Site Scripting via Multiple Input Fields
Multiple cross-site scripting (XSS) vulnerabilities in Havalite 1.0.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) find or (2) replace fields to havalite/findReplace.php; (3) username parameter to havalite/hava_login.php, (4) the Edit Article module, or (5) hava_post.php in the postAuthor module; (6) postId parameter to hava_post.php; (7) userId parameter to hava_user.php; or (8) linkId parameter to hava_link.php.
EIP-2026-107163 EXPLOITDB text WRITEUP
Flynax General Classifieds CMS 4.0 - Multiple Vulnerabilities
EIP-2026-106939 EXPLOITDB text WRITEUP
Eventy CMS 1.8 Plus - Multiple Vulnerabilities