Exploitdb Exploits

31,339 exploits tracked across all sources.

CVE-2012-6534 EXPLOITDB text
Novell Sentinel Log Manager < 1.2.0.2 - Access Control
Novell Sentinel Log Manager before 1.2.0.3 allows remote attackers to create data retention policies via a crafted text/x-gwt-rpc request to novelllogmanager/datastorageservice.rpc, and allows remote authenticated Report Administrators to create data retention policies via a search-results "Save Query As" "Save As Retention Policy" action.
by Piotr Chmylkowski
CVE-2012-4988 EXPLOITDB text
XnView <1.99.1 - Buffer Overflow
Heap-based buffer overflow in the xjpegls.dll (aka JLS, JPEG-LS, or JPEG lossless) format plugin in XnView 1.99 and 1.99.1 allows remote attackers to execute arbitrary code via a crafted JLS image file.
by Joseph Sheridan
EIP-2026-115126 EXPLOITDB text VERIFIED
Cyme ChartFX Client Server - ActiveX Control Array Indexing
by Francis Provencher
CVE-2012-4902 EXPLOITDB text
Template CMS <2.1.1 - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in Template CMS 2.1.1 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator user via an add action to admin/index.php or (2) conduct static PHP code injection attacks via the themes_editor parameter in an edit_template action to admin/index.php.
by High-Tech Bridge SA
EIP-2026-111153 EXPLOITDB text VERIFIED
phpMyChat Plus 1.94 RC1 - Multiple Vulnerabilities
by L0n3ly-H34rT
EIP-2026-111146 EXPLOITDB text VERIFIED
phpMyBitTorrent 2.04 - Multiple Vulnerabilities
by waraxe
EIP-2026-114081 EXPLOITDB text VERIFIED
WordPress Plugin spider Calendar - Multiple Vulnerabilities
by D4NB4R
EIP-2026-110035 EXPLOITDB text
Omnistar Mailer 7.2 - Multiple Vulnerabilities
by Vulnerability-Lab
CVE-2012-10037 EXPLOITDB CRITICAL text VERIFIED
PhpTax 0.8 - RCE
PhpTax version 0.8 contains a remote code execution vulnerability in drawimage.php. The pfilez GET parameter is unsafely passed to the exec() function without sanitization. A remote attacker can inject arbitrary shell commands, leading to code execution under the web server's context. No authentication is required.
by Jean Pascal Pereira
EIP-2026-114603 EXPLOITDB text VERIFIED
ZenPhoto - 'admin-news-articles.php' Cross-Site Scripting
by Scott Herbert
EIP-2026-112515 EXPLOITDB text VERIFIED
Switchvox - Multiple HTML Injection Vulnerabilities
by Ibrahim El-Sayed
EIP-2026-103005 EXPLOITDB text
soapbox 0.3.1 - Local Privilege Escalation
by Jean Pascal Pereira
EIP-2026-115282 EXPLOITDB text VERIFIED
Foxit Reader 5.4.3.0920 - Crash (PoC)
by coolkaveh
EIP-2026-110033 EXPLOITDB text VERIFIED
Omnistar Mailer - Multiple SQL Injections / HTML Injection Vulnerabilities
by Vulnerability Laboratory
EIP-2026-105066 EXPLOITDB text VERIFIED
AlamFifa CMS - 'user_name_cookie' SQL Injection
by L0n3ly-H34rT
EIP-2026-103936 EXPLOITDB text VERIFIED
IBM Lotus Notes Traveler 8.5.1.x - Multiple Input Validation Vulnerabilities
by MustLive
EIP-2026-117912 EXPLOITDB text
Smartfren Connex EC 1261-2 UI OUC - Local Privilege Escalation
by X-Cisadane
CVE-2012-4051 EXPLOITDB text
Jamf Casper Suite < 8.6 - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in editAccount.html in the JAMF Software Server (JSS) interface in JAMF Casper Suite before 8.61 allow remote attackers to hijack the authentication of administrators for requests that (1) create user accounts or (2) change passwords via a Save action.
by Jacob Holcomb
EIP-2026-113521 EXPLOITDB text VERIFIED
WordPress Plugin ABC Test - 'id' Cross-Site Scripting
by Scott Herbert
EIP-2026-113064 EXPLOITDB text
ViArt Shop Evaluation 4.1 - Multiple Remote File Inclusions
by L0n3ly-H34rT
EIP-2026-103251 EXPLOITDB text VERIFIED
YingZhiPython - Directory Traversal / Arbitrary File Upload
by Larry Cashdollar
CVE-2011-1613 EXPLOITDB text
Cisco Wireless LAN Controller <6.0.200.0-7.0.112.0 - DoS
Unspecified vulnerability in Cisco Wireless LAN Controller (WLC) software 6.0 before 6.0.200.0, 7.0 before 7.0.98.216, and 7.0.1xx before 7.0.112.0 allows remote attackers to cause a denial of service (device reload) via a sequence of ICMP packets, aka Bug ID CSCth74426.
by Daniel Smith
EIP-2026-114120 EXPLOITDB text VERIFIED
WordPress Plugin Token Manager - 'tid' Cross-Site Scripting
by TheCyberNuxbie
EIP-2026-113063 EXPLOITDB text
ViArt Shop Enterprise 4.1 - Arbitrary Command Execution
by LiquidWorm
EIP-2026-100942 EXPLOITDB text VERIFIED
ZEN Load Balancer - Multiple Vulnerabilities
by Brendan Coles