Exploitdb Exploits

31,337 exploits tracked across all sources.

CVE-2013-3721 EXPLOITDB text VERIFIED
Psychostats - SQL Injection
SQL injection vulnerability in awards.php in PsychoStats 3.2.2b allows remote attackers to execute arbitrary SQL commands via the d parameter.
by Mohamed from ALG
EIP-2026-110344 EXPLOITDB text VERIFIED
OrionDB Web Directory - Multiple Cross-Site Scripting Vulnerabilities
by 3spi0n
CVE-2012-5909 EXPLOITDB text VERIFIED
Mybb - SQL Injection
SQL injection vulnerability in admin/modules/user/users.php in MyBB (aka MyBulletinBoard) 1.6.6 allows remote attackers to execute arbitrary SQL commands via the conditions[usergroup][] parameter in a search action to admin/index.php.
by Aditya Modha
CVE-2012-5908 EXPLOITDB text VERIFIED
Mybb - XSS
Cross-site scripting (XSS) vulnerability in admin/modules/user/users.php in MyBB (aka MyBulletinBoard) 1.6.6 allows remote attackers to inject arbitrary web script or HTML via the conditions[usergroup][] parameter in a search action to admin/index.php.
by Aditya Modha
CVE-2008-5489 EXPLOITDB text VERIFIED
ClipShare Pro <2008 - SQL Injection
SQL injection vulnerability in channel_detail.php in ClipShare Pro 4, and 2006 through 2007, allows remote attackers to execute arbitrary SQL commands via the chid parameter.
by Esac
EIP-2026-113882 EXPLOITDB text VERIFIED
WordPress Plugin Mathjax Latex 1.1 - Cross-Site Request Forgery
by Junaid Hussain
EIP-2026-103933 EXPLOITDB text VERIFIED
IBM Lotus Domino 8.5.x - 'x.nsf' Multiple Cross-Site Scripting Vulnerabilities
by MustLive
EIP-2026-101422 EXPLOITDB text
Rosewill RSVA11001 - Remote Command Injection
by Eric Urban
EIP-2026-113589 EXPLOITDB text VERIFIED
WordPress Plugin Banners Lite - 'wpbanners_show.php' HTML Injection
by Fernando A. Lagos B
EIP-2026-107212 EXPLOITDB text VERIFIED
Free Hosting Manager 2.0.2 - Multiple SQL Injections
by Saadi Siddiqui
EIP-2026-105943 EXPLOITDB text VERIFIED
ClipShare 4.1.1 - 'gid' Blind SQL Injection
by Esac
CVE-2013-6229 EXPLOITDB text VERIFIED
Atmail - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Atmail Webmail Server 7.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) filter parameter to index.php/mail/mail/listfoldermessages/searching/true/selectFolder/INBOX/resultContext/searchResultsTab5 or (2) mailId[] parameter to index.php/mail/mail/movetofolder/fromFolder/INBOX/toFolder/INBOX.Trash. NOTE: the view attachment message process vector is already covered by CVE-2013-2585.
by Vicente Aguilera Diaz
EIP-2026-108039 EXPLOITDB text VERIFIED
Jaow CMS - 'add_ons' Cross-Site Scripting
by Metropolis
EIP-2026-117761 EXPLOITDB text VERIFIED
Photodex ProShow Gold/Producer 5.0.3310/6.0.3410 - 'ScsiAccess.exe' Local Privilege Escalation
by Julien Ahrens
EIP-2026-112444 EXPLOITDB text VERIFIED
Stradus CMS 1.0beta4 - Multiple Vulnerabilities
by DaOne
EIP-2026-112211 EXPLOITDB text VERIFIED
Slash CMS - Multiple Vulnerabilities
by DaOne
CVE-2013-1891 EXPLOITDB MEDIUM text VERIFIED
Opencart < 1.5.5.1 - Path Traversal
In OpenCart 1.4.7 to 1.5.5.1, implemented anti-traversal code in filemanager.php is ineffective and can be bypassed.
by waraxe
CVSS 6.5
EIP-2026-107137 EXPLOITDB text VERIFIED
Flatnux CMS 2013-01.17 - 'index.php' Local File Inclusion
by DaOne
EIP-2026-104919 EXPLOITDB text VERIFIED
AContent 1.3 - Local File Inclusion
by DaOne
CVE-2012-1663 EXPLOITDB text
Gnutls < 3.0.13 - Resource Management Error
Double free vulnerability in libgnutls in GnuTLS before 3.0.14 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted certificate list.
by Shawn the R0ck
EIP-2026-101102 EXPLOITDB text
TP-Link TL-WR740N Wireless Router - Denial of Service
by LiquidWorm
CVE-2013-2294 EXPLOITDB MEDIUM text
Viewgit < 0.0.7 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in ViewGit before 0.0.7 allow remote repository users to inject arbitrary web script or HTML via a (1) tag name to the Shortlog table in templates/shortlog.php or branch name to the (2) Shortlog table in templates/shortlog.php or (3) Heads table in plates/summary.php.
by Matthew R. Bucci
CVSS 6.1
EIP-2026-111717 EXPLOITDB text VERIFIED
Rebus:list - 'list.php?list_id' SQL Injection
by Robert Cooper