Vulnerability-Lab

336 exploits, active since Jan 2008
EIP-2026-104341 EXPLOITDB text WRITEUP
Mobile Atlas Creator 1.9.12 - Persistent Command Injection
CVE-2015-5150 EXPLOITDB text WRITEUP
Zohocorp Manageengine Supportcenter Plus - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Zoho ManageEngine SupportCenter Plus 7.90 allow remote authenticated users to inject arbitrary web script or HTML via the (1) query parameter in the run_query_editor_query module to CustomReportHandler.do, (2) compAcct parameter to jsp/ResetADPwd.jsp, or (3) redirectTo parameter to jsp/CacheScreenWidth.jsp.
CVE-2016-0956 EXPLOITDB HIGH text WORKING POC
Apache Sling 2.3.6 - Info Disclosure
The Servlets Post component 2.3.6 in Apache Sling, as used in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0, allows remote attackers to obtain sensitive information via unspecified vectors.
CVSS 7.5
EIP-2026-104155 EXPLOITDB text WRITEUP
AirDroid iOS / Android / Win 3.1.3 - Persistent
EIP-2026-104239 EXPLOITDB text WRITEUP
Endpoint Protector 4.0.4.0 - Multiple Vulnerabilities
EIP-2026-104234 EXPLOITDB text WRITEUP
Elite Graphix ElitCMS 1.01 / PRO - Multiple Web Vulnerabilities
CVE-2014-2879 EXPLOITDB text WRITEUP
Sonicwall Email Security Appliance < 7.4.5 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Dell SonicWALL Email Security 7.4.5 and earlier allow remote authenticated administrators to inject arbitrary web script or HTML via (1) the uploadPatch parameter to the System/Advanced page (settings_advanced.html) or (2) the uploadLicenses parameter in the License management (settings_upload_dlicense.html) page.
CVE-2012-1047 EXPLOITDB text WORKING POC
Cyberoam Central Console < 2.00.2 - Path Traversal
Directory traversal vulnerability in the WWWHELP Service (js/html/wwhelp.htm) in Cyberoam Central Console (CCC) 2.00.2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the file parameter in an Online_help action.
CVE-2017-13754 EXPLOITDB MEDIUM text WORKING POC
Wibu Codemeter < 6.50a - XSS
Cross-site scripting (XSS) vulnerability in the "advanced settings - time server" module in Wibu-Systems CodeMeter before 6.50b allows remote attackers to inject arbitrary web script or HTML via the "server name" field in actions/ChangeConfiguration.html.
CVSS 5.4
EIP-2026-104185 EXPLOITDB text WRITEUP
Barracuda Networks #35 Web Firewall 610 6.0.1 - Filter Bypass / Persistent
EIP-2026-103763 EXPLOITDB text WRITEUP
Air Gallery 1.0 Air Photo Browser - Multiple Vulnerabilities
CVE-2013-6674 EXPLOITDB text WORKING POC
Mozilla Seamonkey < 2.20 - XSS
Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 17.x through 17.0.8, Thunderbird ESR 17.x through 17.0.10, and SeaMonkey before 2.20 allows user-assisted remote attackers to inject arbitrary web script or HTML via an e-mail message containing a data: URL in an IFRAME element, a related issue to CVE-2014-2018.
EIP-2026-103295 EXPLOITDB text WORKING POC
Mahara 19.10.2 CMS - Persistent Cross-Site Scripting
EIP-2026-103272 EXPLOITDB text WRITEUP
DornCMS Application 1.4 - Multiple Web Vulnerabilities
EIP-2026-102539 EXPLOITDB text WRITEUP
Totemomail 4.x/5.x - Persistent Cross-Site Scripting
EIP-2026-102305 EXPLOITDB text WORKING POC
Video WiFi Transfer 1.01 - Directory Traversal
CVE-2013-7025 EXPLOITDB text WRITEUP
Sonicwall Analyzer - XSS
Multiple cross-site scripting (XSS) vulnerabilities in ematStaticAlertTypes.jsp in the Alert Settings section in Dell SonicWALL Global Management System (GMS), Analyzer, and UMA EM5000 7.1 SP1 before Hotfix 134235 allow remote authenticated users to inject arbitrary web script or HTML via the (1) valfield_1 or (2) value_1 parameter to createNewThreshold.jsp.
EIP-2026-102460 EXPLOITDB text WRITEUP
Barracuda Control Center 620 - Multiple Web Vulnerabilities
CVE-2017-15374 EXPLOITDB MEDIUM text WRITEUP
Shopware - XSS
Shopware v5.2.5 - v5.3 is vulnerable to cross-site scripting in the customer and order section of the content management system backend modules. Remote attackers are able to inject malicious script code into the firstname, lastname, or order input fields to provoke persistent execution in the customer and orders section of the backend. The execution occurs in the administrator backend listing when processing a preview of the customers (kunden) or orders (bestellungen). The injection can be performed interactively via user registration or by manipulation of the order information inputs. The issue can be exploited by low-privileged user accounts against higher-privileged (admin or moderator) accounts.
CVSS 6.1
EIP-2026-102361 EXPLOITDB text WRITEUP
Blackboard LMS 9.1 SP14 - Cross-Site Scripting
EIP-2026-102321 EXPLOITDB text WRITEUP
WK UDID 1.0.1 iOS - Command Injection
EIP-2026-102320 EXPLOITDB text WRITEUP
Wireless Transfer App 3.7 iOS - Multiple Web Vulnerabilities
EIP-2026-102319 EXPLOITDB text WORKING POC
Wireless Photo Transfer 3.0 iOS - Local File Inclusion
EIP-2026-102318 EXPLOITDB text WRITEUP
Wireless Photo Access 1.0.10 iOS - Multiple Vulnerabilities
EIP-2026-102317 EXPLOITDB text WRITEUP
Wireless Drive 1.1.0 iOS - Multiple Web Vulnerabilities