Vulnerability-Lab

343 exploits, active since Jan 2008
EIP-2026-104923 EXPLOITDB text WRITEUP
Active Super Shop CMS v2.5 - HTML Injection Vulnerabilities
EIP-2026-104913 EXPLOITDB text WRITEUP
Achievo 1.4.3 - Multiple Web Vulnerabilities
EIP-2026-104430 EXPLOITDB text WRITEUP
SevenIT SevDesk 3.10 - Multiple Web Vulnerabilities
EIP-2026-104399 EXPLOITDB text WRITEUP
Pimcore CMS 2.3.0/3.0 - SQL Injection
EIP-2026-104387 EXPLOITDB text WRITEUP
OYO File Manager 1.1 (iOS / Android) - Multiple Vulnerabilities
CVE-2015-5150 EXPLOITDB text WRITEUP
ManageEngine SupportCenter Plus 7.90 - Authenticated Cross-Site Scripting via Query Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Zoho ManageEngine SupportCenter Plus 7.90 allow remote authenticated users to inject arbitrary web script or HTML via the (1) query parameter in the run_query_editor_query module to CustomReportHandler.do, (2) compAcct parameter to jsp/ResetADPwd.jsp, or (3) redirectTo parameter to jsp/CacheScreenWidth.jsp.
EIP-2026-104341 EXPLOITDB text WRITEUP
Mobile Atlas Creator 1.9.12 - Persistent Command Injection
EIP-2026-104479 EXPLOITDB text WRITEUP
VestaCP 0.9.8-26 - 'backup' Information Disclosure
EIP-2026-104445 EXPLOITDB text WRITEUP
SonicWALL CDP 5040 6.x - Multiple Vulnerabilities
EIP-2026-104155 EXPLOITDB text WRITEUP
AirDroid iOS / Android / Win 3.1.3 - Persistent
EIP-2026-104239 EXPLOITDB text WRITEUP
Endpoint Protector 4.0.4.0 - Multiple Vulnerabilities
EIP-2026-104234 EXPLOITDB text WRITEUP
Elite Graphix ElitCMS 1.01 / PRO - Multiple Web Vulnerabilities
CVE-2014-2879 EXPLOITDB text WRITEUP
SonicWALL Email Security Appliance < 7.4.5 - Authenticated Cross-Site Scripting via Upload Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Dell SonicWALL Email Security 7.4.5 and earlier allow remote authenticated administrators to inject arbitrary web script or HTML via (1) the uploadPatch parameter to the System/Advanced page (settings_advanced.html) or (2) the uploadLicenses parameter in the License management (settings_upload_dlicense.html) page.
CVE-2012-1047 EXPLOITDB text WORKING POC
Cyberoam Central Console < 2.00.2 - Path Traversal
Directory traversal vulnerability in the WWWHELP Service (js/html/wwhelp.htm) in Cyberoam Central Console (CCC) 2.00.2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the file parameter in an Online_help action.
CVE-2017-13754 EXPLOITDB MEDIUM text WORKING POC
CodeMeter < 6.50a - Cross-Site Scripting via Time Server Configuration
Cross-site scripting (XSS) vulnerability in the "advanced settings - time server" module in Wibu-Systems CodeMeter before 6.50b allows remote attackers to inject arbitrary web script or HTML via the "server name" field in actions/ChangeConfiguration.html.
CVSS 5.4
EIP-2026-104185 EXPLOITDB text WRITEUP
Barracuda Networks #35 Web Firewall 610 6.0.1 - Filter Bypass / Persistent
CVE-2016-0956 EXPLOITDB HIGH text WORKING POC
Apache Sling 2.3.6 - Info Disclosure
The Servlets Post component 2.3.6 in Apache Sling, as used in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0, allows remote attackers to obtain sensitive information via unspecified vectors.
CVSS 7.5
EIP-2026-103763 EXPLOITDB text WRITEUP
Air Gallery 1.0 Air Photo Browser - Multiple Vulnerabilities
CVE-2013-6674 EXPLOITDB text WORKING POC
SeaMonkey < 2.20 - Cross-Site Scripting via Data URL in IFRAME
Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 17.x through 17.0.8, Thunderbird ESR 17.x through 17.0.10, and SeaMonkey before 2.20 allows user-assisted remote attackers to inject arbitrary web script or HTML via an e-mail message containing a data: URL in an IFRAME element, a related issue to CVE-2014-2018.
EIP-2026-103295 EXPLOITDB text WORKING POC
Mahara 19.10.2 CMS - Persistent Cross-Site Scripting
EIP-2026-103272 EXPLOITDB text WRITEUP
DornCMS Application 1.4 - Multiple Web Vulnerabilities
EIP-2026-102539 EXPLOITDB text WRITEUP
Totemomail 4.x/5.x - Persistent Cross-Site Scripting
EIP-2026-102306 EXPLOITDB text WRITEUP
vPhoto-Album 4.2 iOS - Local File Inclusion
CVE-2013-7025 EXPLOITDB text WRITEUP
SonicWALL GMS Analyzer and UMA EM5000 7.1 SP1 - Authenticated Cross-Site Scripting via valfield_1 or value_1 Parameter
Multiple cross-site scripting (XSS) vulnerabilities in ematStaticAlertTypes.jsp in the Alert Settings section in Dell SonicWALL Global Management System (GMS), Analyzer, and UMA EM5000 7.1 SP1 before Hotfix 134235 allow remote authenticated users to inject arbitrary web script or HTML via the (1) valfield_1 or (2) value_1 parameter to createNewThreshold.jsp.
EIP-2026-102460 EXPLOITDB text WRITEUP
Barracuda Control Center 620 - Multiple Web Vulnerabilities