Vulnerability-Lab

343 exploits Active since Jan 2008
EIP-2026-107114 EXPLOITDB text WRITEUP
Flash Operator Panel 2.31.03 - Command Execution
EIP-2026-106939 EXPLOITDB text WRITEUP
Eventy CMS 1.8 Plus - Multiple Vulnerabilities
EIP-2026-106936 EXPLOITDB text WRITEUP
Event Script PHP 1.1 CMS - Multiple Vulnerabilities
EIP-2026-106903 EXPLOITDB text WRITEUP
ES Job Search Engine 3.0 - SQL Injection
EIP-2026-106872 EXPLOITDB text WRITEUP
Endian UTM Firewall 2.4.x < 2.5.0 - Multiple Web Vulnerabilities
EIP-2026-106845 EXPLOITDB text WRITEUP
elproLOG MONITOR Webaccess 2.1 - Multiple Vulnerabilities
EIP-2026-106402 EXPLOITDB text WRITEUP
Dell Kace 1000 SMA 5.4.70402 - Persistent Cross-Site Scripting
EIP-2026-106540 EXPLOITDB text WORKING POC
Dooblou WiFi File Explorer 1.13.3 - Multiple Vulnerabilities
CVE-2012-1226 EXPLOITDB text WRITEUP
Dolibarr CMS 3.2.0 Alpha - Path Traversal & Arbitrary File Read via Document.php or Backtopage Parameter
Multiple directory traversal vulnerabilities in Dolibarr CMS 3.2.0 Alpha allow remote attackers to read arbitrary files and possibly execute arbitrary code via a .. (dot dot) in the (1) file parameter to document.php or (2) backtopage parameter in a create action to comm/action/fiche.php.
CVE-2012-6519 EXPLOITDB text WRITEUP
diy-cms 1.0 - SQL Injection via Poll Module start Parameter
SQL injection vulnerability in modules/poll/index.php in DIY-CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the start parameter to mod.php.
EIP-2026-106403 EXPLOITDB text WORKING POC
Dell Kace 1000 SMA 5.4.742 - SQL Injection
EIP-2026-105955 EXPLOITDB text WRITEUP
CLscript CMS 3.0 - Multiple Vulnerabilities
EIP-2026-106032 EXPLOITDB text WRITEUP
CMSQLite 1.3.2 - Multiple Vulnerabilities
CVE-2012-6510 EXPLOITDB text WRITEUP
NetArt Media Car Portal 3.0 - Stored Cross-Site Scripting via Multiple Input Fields
Multiple cross-site scripting (XSS) vulnerabilities in NetArt Media Car Portal 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) PWRS or (2) Description field when posting a new vehicle; (3) news title when creating news; (4) Name when creating a sub user; (5) group name when creating a group; or (6) dealer name, (7) first name, or (8) last name when changing a profile.
EIP-2026-105593 EXPLOITDB text WRITEUP
Boom CMS v8.0.7 - Cross Site Scripting
EIP-2026-105811 EXPLOITDB text WRITEUP
Chamilo LMS IDOR - 'messageId' Delete POST Injection
EIP-2026-105806 EXPLOITDB text WORKING POC
Chamilo LMS - Persistent Cross-Site Scripting
EIP-2026-105776 EXPLOITDB text WRITEUP
CentOS Web Panel 0.9.8.12 - Multiple Vulnerabilities
EIP-2026-105775 EXPLOITDB text WRITEUP
CentOS Web Panel 0.9.8.12 - 'row_id' / 'domain' SQL Injection
EIP-2026-105771 EXPLOITDB text WRITEUP
Cells Blog CMS 1.1 - Multiple Web Vulnerabilities
EIP-2026-105301 EXPLOITDB text WRITEUP
Aures Booking & POS Terminal - Local Privilege Escalation
CVE-2011-5229 EXPLOITDB text WRITEUP
appRain CMF 0.1.5 - SQL Injection via PATH_INFO in Forum Module
SQL injection vulnerability in quickstart/profile/index.php in the Forum module in appRain CMF 0.1.5 allows remote attackers to execute arbitrary SQL commands via the PATH_INFO.
EIP-2026-105275 EXPLOITDB text WRITEUP
ASTPP VoIP Billing (4cf207a) - Multiple Vulnerabilities
EIP-2026-105385 EXPLOITDB text WRITEUP
Bananadance Wiki b2.2 - Multiple Vulnerabilities
EIP-2026-105013 EXPLOITDB text WRITEUP
Affiliate Pro 1.7 - 'Multiple' Cross Site Scripting (XSS)