Exploitdb Exploits

4,759 exploits tracked across all sources.

Sort: Activity Stars
CVE-2012-2590 EXPLOITDB python VERIFIED
ESCON SupportPortal Professional Edition 3.0 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in ESCON SupportPortal Professional Edition 3.0 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a SCRIPT element, (2) a crafted SRC attribute of an IFRAME element, (3) a crafted CONTENT attribute of an HTTP-EQUIV="Set-Cookie" META element, or (4) an innerHTML attribute within an XML document.
by loneferret
CVE-2012-2591 EXPLOITDB python VERIFIED
EmailArchitect Email Server <10.0.0.3 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in EmailArchitect Email Server 10.0 and 10.0.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) From or (2) Date field in an email.
by loneferret
CVE-2012-2592 EXPLOITDB python VERIFIED
Axigen Mail Server 8.0.1 - Cross-Site Scripting via Email Body
Cross-site scripting (XSS) vulnerability in Axigen Mail Server 8.0.1 allows remote attackers to inject arbitrary web script or HTML via the body of an email.
by loneferret
CVE-2012-2584 EXPLOITDB python VERIFIED
Alt-N MDaemon Free 12.5.4 - Cross-Site Scripting via Email Message Body
Multiple cross-site scripting (XSS) vulnerabilities in Alt-N MDaemon Free 12.5.4 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) the Cascading Style Sheets (CSS) expression property in conjunction with a CSS comment within the STYLE attribute of an IMG element, (2) the CSS expression property in conjunction with multiple CSS comments within the STYLE attribute of an arbitrary element, or (3) an innerHTML attribute within an XML document.
by loneferret
CVE-2012-2587 EXPLOITDB python VERIFIED
AfterLogic MailSuite Pro 6.3 - Stored Cross-Site Scripting via Email Message Body
Multiple cross-site scripting (XSS) vulnerabilities in AfterLogic MailSuite Pro 6.3 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with a crafted SRC attribute of (1) an IFRAME element or (2) a SCRIPT element.
by loneferret
CVE-2012-2572 EXPLOITDB python VERIFIED
ThreeWP Email Reflector <1.16 - XSS
Cross-site scripting (XSS) vulnerability in the ThreeWP Email Reflector plugin before 1.16 for WordPress allows remote attackers to inject arbitrary web script or HTML via the Subject of an email.
by loneferret
CVE-2012-2579 EXPLOITDB python VERIFIED
WP SimpleMail 1.0.6 - Cross-Site Scripting via Email Fields
Multiple cross-site scripting (XSS) vulnerabilities in the WP SimpleMail plugin 1.0.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) To, (2) From, (3) Date, or (4) Subject field of an email.
by loneferret
CVE-2012-2580 EXPLOITDB python VERIFIED
Postie < 1.5.15 - Cross-Site Scripting via Email From Field
Cross-site scripting (XSS) vulnerability in the Postie plugin 1.4.3, and possibly before 1.5.15, for WordPress allows remote attackers to inject arbitrary web script or HTML via the From field of an email.
by loneferret
CVE-2012-2583 EXPLOITDB python VERIFIED
Mini Mail Dashboard Widget <1.42 - XSS
Cross-site scripting (XSS) vulnerability in Mini Mail Dashboard Widget plugin 1.42 for WordPress allows remote attackers to inject arbitrary web script or HTML via the body of an email.
by loneferret
CVE-2012-2573 EXPLOITDB python VERIFIED
T-dah WebMail 3.2.0-2.3 - Stored Cross-Site Scripting via Email Message Body
Multiple cross-site scripting (XSS) vulnerabilities in T-dah WebMail 3.2.0-2.3 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a SCRIPT element, (2) a crafted Cascading Style Sheets (CSS) expression property, (3) a CSS expression property in the STYLE attribute of an arbitrary element, (4) an ONLOAD attribute of a BODY element, (5) a crafted SRC attribute of an IFRAME element, (6) a crafted CONTENT attribute of an HTTP-EQUIV="refresh" META element, or (7) a data: URL in the CONTENT attribute of an HTTP-EQUIV="refresh" META element.
by loneferret
EIP-2026-116996 EXPLOITDB python VERIFIED
CoolPlayer Portable 2.19.2 - Local Buffer Overflow (ASLR Bypass) (2)
by pole
EIP-2026-109440 EXPLOITDB python VERIFIED
Mibew Messenger 1.6.4 - 'threadid' SQL Injection
by Ucha Gobejishvili
CVE-2012-4178 EXPLOITDB python VERIFIED
Symantec Web Gateway 5.0.3.18 - SQL Injection via groupid Parameter
SQL injection vulnerability in spywall/includes/deptUploads_data.php in Symantec Web Gateway 5.0.3.18 allows remote attackers to execute arbitrary SQL commands via the groupid parameter.
by Kc57
EIP-2026-104514 EXPLOITDB python VERIFIED
Zenoss 3.2.1 - (Authenticated) Remote Command Execution
by Brendan Coles
CVE-2009-1328 EXPLOITDB python VERIFIED
Mini-stream RM-MP3 Converter 3.0.0.7 - Stack-based Buffer Overflow via Long URI in Playlist File
Stack-based buffer overflow in Mini-stream RM-MP3 Converter 3.0.0.7 allows remote attackers to execute arbitrary code via a long URI in a playlist (.m3u) file.
by Ptrace Security
CVE-2012-3571 EXPLOITDB python VERIFIED
ISC DHCP 4.1.2-4.2.4 and 4.1-ESV < R6 - Denial of Service via Malformed Client Identifier
ISC DHCP 4.1.2 through 4.2.4 and 4.1-ESV before 4.1-ESV-R6 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed client identifier.
by Markus Hietava
CVE-2012-3435 EXPLOITDB python VERIFIED
Zabbix < 1.8.15 - SQL Injection via itemid Parameter
SQL injection vulnerability in frontends/php/popup_bitem.php in Zabbix 1.8.15rc1 and earlier, and 2.x before 2.0.2rc1, allows remote attackers to execute arbitrary SQL commands via the itemid parameter.
by muts
CVE-2012-2957 EXPLOITDB python VERIFIED
Symantec Web Gateway <5.0.3.18 - Privilege Escalation
The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows local users to gain privileges by modifying files, related to a "file inclusion" issue.
by muts
CVE-2012-2953 EXPLOITDB python VERIFIED
Symantec Web Gateway <5.0.3.18 - RCE
The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to execute arbitrary commands via crafted input to application scripts.
by muts
EIP-2026-117659 EXPLOITDB python
MyMp3 Player Stack - '.m3u' File DEP Bypass
by Daniel Romero
CVE-2012-3835 EXPLOITDB python VERIFIED
AlienVault OSSIM 3.1 - Cross-Site Scripting via URL Parameter or Time Parameter
Multiple cross-site scripting (XSS) vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to top.php or (2) time[0][0] parameter to forensics/base_qry_main.php, which is not properly handled in an error page.
by muts
CVE-2012-2574 EXPLOITDB python VERIFIED
Symantec Web Gateway <5.0.3.18 - SQL Injection
SQL injection vulnerability in the management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to a "blind SQL injection" issue.
by muts
CVE-2012-2962 EXPLOITDB python VERIFIED
Plixer Scrutinizer <9.5.2 - SQL Injection
SQL injection vulnerability in d4d/statusFilter.php in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.2 allows remote authenticated users to execute arbitrary SQL commands via the q parameter.
by muts
CVE-2012-2593 EXPLOITDB MEDIUM python VERIFIED
Atmail Webmail Server 6.4 - Cross-Site Scripting via Email Date Field
Cross-site scripting (XSS) vulnerability in the administrative interface in Atmail Webmail Server 6.4 allows remote attackers to inject arbitrary web script or HTML via the Date field of an email.
by muts
CVSS 6.1
EIP-2026-102721 EXPLOITDB python VERIFIED
ptunnel 0.72 - Remote Denial of Service
by st3n
By Source
All 4,759 Writeup 62,600 Exploitdb 50,076 Nomisec 22,502 Github 3,754 Metasploit 3,315 Vulncheck_xdb 930 Inthewild 514 Gitlab 483 Gitee 415 Patchapalooza 312
By Language
text 31,386 python 6,637 ruby 6,006 c 3,635 perl 2,849 html 2,076 php 1,334 bash 462 java 371 c++ 261 javascript 231 shell 140 go 74 postscript 25 typescript 25