Exploitdb Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-115833 EXPLOITDB text VERIFIED
Microsoft Word 2010 - Crash (PoC)
by coolkaveh
CVE-2012-5193 EXPLOITDB MEDIUM text VERIFIED
bitweaver < 2.8.1 - Cross-Site Scripting via Path Info or Parameter Injection
Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 2.8.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the path info to (1) stats/index.php or (2) newsletters/edition.php or the (3) username parameter to users/remind_password.php, (4) days parameter to stats/index.php, (5) login parameter to users/register.php, or (6) highlight parameter.
by Trustwave's SpiderLabs
CVSS 6.1
CVE-2012-10034 EXPLOITDB HIGH text VERIFIED
ClanSphere 2011.3 - Local File Inclusion
ClanSphere 2011.3 is vulnerable to a local file inclusion (LFI) flaw due to improper handling of the cs_lang cookie parameter. The application fails to sanitize user-supplied input, allowing attackers to traverse directories and read arbitrary files outside the web root. The vulnerability is further exacerbated by null byte injection (%00) to bypass file extension checks.
by blkhtc0rp
CVSS 7.5
EIP-2026-112252 EXPLOITDB text VERIFIED
SMF - 'view' Cross-Site Scripting
by Am!r
CVE-2012-5387 EXPLOITDB text VERIFIED
White Label CMS < 1.5.1 - Cross-Site Request Forgery via wlcms_o_developer_name Parameter
Cross-site request forgery (CSRF) vulnerability in wlcms-plugin.php in the White Label CMS plugin before 1.5.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that modify the developer name via the wlcms_o_developer_name parameter in a save action to wp-admin/admin.php, as demonstrated by a developer name containing XSS sequences.
by pcsjj
CVE-2012-5388 EXPLOITDB text VERIFIED
White Label CMS 1.5 - Authenticated Stored Cross-Site Scripting via wlcms_o_developer_name Parameter
Cross-site scripting (XSS) vulnerability in wlcms-plugin.php in the White Label CMS plugin 1.5 for WordPress allows remote authenticated administrators to inject arbitrary web script or HTML via the wlcms_o_developer_name parameter in a save action to wp-admin/admin.php, a related issue to CVE-2012-5387.
by pcsjj
EIP-2026-114070 EXPLOITDB text
WordPress Plugin social discussions 6.1.1 - Multiple Vulnerabilities
by waraxe
CVE-2012-5452 EXPLOITDB text VERIFIED
Subrion CMS 2.2.1 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Subrion CMS 2.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) multi_title parameter to blocks/add/; (2) cost, (3) days, or (4) title[en] parameter to plans/add/; (5) name or (6) title[en] parameter to fields/group/add/ in admin/manage/; or (7) f[accounts][fullname] or (8) f[accounts][username] parameter to advsearch/. NOTE: This might overlap CVE-2011-5211. NOTE: it was later reported that the f[accounts][fullname] and f[accounts][username] vectors might also affect 2.2.2.
by High-Tech Bridge SA
EIP-2026-111940 EXPLOITDB text VERIFIED
Schoolhos CMS Beta 2.29 - 'id' SQL Injection
by Cumi
CVE-2012-1503 EXPLOITDB text
Movable Type Pro 5.13 - Cross-Site Scripting via Comment Section
Cross-site scripting (XSS) vulnerability in Six Apart (formerly Six Apart KK) Movable Type (MT) Pro 5.13 allows remote attackers to inject arbitrary web script or HTML via the comment section.
by sqlhacker
EIP-2026-108311 EXPLOITDB text VERIFIED
Joomla! Component com_commedia - 'task' SQL Injection
by D4NB4R
CVE-2012-5453 EXPLOITDB text
ATutor AContent <1.2 - SQL Injection
SQL injection vulnerability in user/index_inline_editor_submit.php in ATutor AContent 1.2-1 allows remote authenticated users to execute arbitrary SQL commands via the field parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-5167.
by High-Tech Bridge SA
EIP-2026-101275 EXPLOITDB text VERIFIED
FirePass 7.0 SSL VPN - 'refreshURL' Open Redirection
by Aung Khant
CVE-2011-4640 EXPLOITDB text VERIFIED
SpamTitan WebTitan < 3.50 - Authenticated Path Traversal via logs-x.php fname Parameter
Directory traversal vulnerability in logs-x.php in SpamTitan WebTitan before 3.60 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the fname parameter in a view action.
by Richard Conner
EIP-2026-115730 EXPLOITDB text
Microsoft Internet Explorer 9 - Cross-Site Scripting Filter Bypass
by Jean Pascal Pereira
EIP-2026-108558 EXPLOITDB text VERIFIED
Joomla! Component com_tag - 'tag' SQL Injection
by D4NB4R
EIP-2026-108354 EXPLOITDB text VERIFIED
Joomla! Component com_fss 1.9.1.1447 - SQL Injection
by D4NB4R
EIP-2026-106032 EXPLOITDB text
CMSQLite 1.3.2 - Multiple Vulnerabilities
by Vulnerability-Lab
EIP-2026-105992 EXPLOITDB text VERIFIED
CMS Mini 0.2.2 - 'index.php' Script Cross-Site Scripting
by Netsparker
EIP-2026-103033 EXPLOITDB text
Vm86 - Syscall Task Switch Kernel Panic Denial of Service / Privilege Escalation
by halfdog
EIP-2026-113753 EXPLOITDB text VERIFIED
WordPress Plugin FireStorm Professional Real Estate 2.06.01 - SQL Injection
by Ashiyane Digital Security Team
EIP-2026-105634 EXPLOITDB text VERIFIED
BSW Gallery - 'uploadpic.php' Arbitrary File Upload
by cr4wl3r
EIP-2026-105155 EXPLOITDB text VERIFIED
Amateur Photographer's Image Gallery - 'plist.php?albumid' SQL Injection
by cr4wl3r
EIP-2026-105154 EXPLOITDB text VERIFIED
Amateur Photographer's Image Gallery - 'plist.php?albumid' Cross-Site Scripting
by cr4wl3r
EIP-2026-105153 EXPLOITDB text VERIFIED
Amateur Photographer's Image Gallery - 'fullscreen.php?albumid' SQL Injection
by cr4wl3r