Exploitdb Exploits

31,339 exploits tracked across all sources.

CVE-2012-5861 EXPLOITDB text
Sinapsitech Sinapsi Firmware < 2.0.2870 - SQL Injection
These Sinapsi devices do not check the validity of the data before executing queries. By accessing the SQL table of certain pages that do not require authentication within the device, attackers can leak information from the device. This could allow the attacker to compromise confidentiality.
by Roberto Paleari
EIP-2026-113308 EXPLOITDB text VERIFIED
Webify Photo Gallery - Arbitrary File Deletion
by JIKO
EIP-2026-113306 EXPLOITDB text
Webify eDownloads Cart - Arbitrary File Deletion
by JIKO
EIP-2026-113305 EXPLOITDB text VERIFIED
Webify Business Directory - Arbitrary File Deletion
by JIKO
CVE-2012-4773 EXPLOITDB text
Subrion CMS <2.2.3 - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in Subrion CMS before 2.2.3 allow remote attackers to hijack the authentication of administrators for requests that add, delete, or modify sensitive information, as demonstrated by adding an administrator account via an add action to admin/accounts/add/.
by LiquidWorm
CVE-2012-5864 EXPLOITDB text
Sinapsitech Sinapsi Firmware < 2.0.2870 - Authentication Bypass
These Sinapsi devices do not check if users that visit pages within the device have properly authenticated. By directly visiting the pages within the device, attackers can gain unauthorized access with administrative privileges.
by Roberto Paleari
EIP-2026-104173 EXPLOITDB text VERIFIED
Atlassian Confluence 3.4.x - Error Page Cross-Site Scripting
by D. Niedermaier
EIP-2026-100390 EXPLOITDB text
Knowledge Base Enterprise Edition 4.62.0 - SQL Injection
by Vulnerability-Lab
CVE-2012-4908 EXPLOITDB text VERIFIED
Google Chrome <18.0.1025308 - CSRF
Google Chrome before 18.0.1025308 on Android allows remote attackers to bypass the Same Origin Policy and obtain access to local files via vectors involving a symlink.
by Artem Chaykin
CVE-2012-4906 EXPLOITDB text VERIFIED
Google Chrome <18.0.1025308 - Info Disclosure
Google Chrome before 18.0.1025308 on Android does not properly restrict access to file: URLs, which allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by obtaining credential data, a different vulnerability than CVE-2012-4903.
by Artem Chaykin
CVE-2012-4909 EXPLOITDB text VERIFIED
Google Chrome <18.0.1025308 - Info Disclosure
Google Chrome before 18.0.1025308 on Android allows remote attackers to obtain cookie information via a crafted application.
by Artem Chaykin
CVE-2012-4905 EXPLOITDB text VERIFIED
Google Chrome <18.0.1025308 - XSS
Cross-site scripting (XSS) vulnerability in Google Chrome before 18.0.1025308 on Android allows remote attackers to inject arbitrary web script or HTML via an extra in an Intent object, aka "Universal XSS (UXSS)."
by Artem Chaykin
EIP-2026-113304 EXPLOITDB text VERIFIED
Webify Blog - Arbitrary File Deletion
by JIKO
EIP-2026-107061 EXPLOITDB text VERIFIED
FBDj - 'id' SQL Injection
by TUNISIAN CYBER
EIP-2026-105061 EXPLOITDB text VERIFIED
akcms 4.2.4 - Information Disclosure
by L0n3ly-H34rT
EIP-2026-113074 EXPLOITDB text
VICIDIAL Call Center Suite 2.2.1-237 - Multiple Vulnerabilities
by Ertebat Gostar Co
EIP-2026-113073 EXPLOITDB text VERIFIED
VICIDIAL Call Center Suite - Multiple SQL Injections
by Ertebat Gostar Co
EIP-2026-112187 EXPLOITDB text VERIFIED
SiteGo - Remote File Inclusion
by L0n3ly-H34rT
CVE-2010-1480 EXPLOITDB text
Joomla! com_rokmodule 1.1 - SQL Injection
SQL injection vulnerability in the RokModule (com_rokmodule) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the module parameter to index.php. NOTE: some of these details are obtained from third party information.
by Yarolinux
CVE-2008-6720 EXPLOITDB text VERIFIED
Deltascripts Php Links < 1.3 - SQL Injection
SQL injection vulnerability in admin/adm_login.php in DeltaScripts PHP Links 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the admin_username parameter (aka the admin field).
by L0n3ly-H34rT
EIP-2026-116522 EXPLOITDB text VERIFIED
WAP Proof 2008 - Denial of Service
by Orion Einfold
EIP-2026-111281 EXPLOITDB text VERIFIED
Pinterestclones - Security Bypass / HTML Injection
by DaOne
EIP-2026-111280 EXPLOITDB text
Pinterest Clone Script - Multiple Vulnerabilities
by DaOne
EIP-2026-114346 EXPLOITDB text VERIFIED
WordPress Theme Purity - Multiple Cross-Site Scripting Vulnerabilities
by Matan Azugi
CVE-2012-2275 EXPLOITDB text
Teamst Testlink < 1.9.3 - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in TestLink 1.9.3 and earlier allow remote attackers to hijack the authentication of users for requests that add, delete, or modify sensitive information, as demonstrated by changing the administrator's email via an editUser action to lib/usermanagement/userInfo.php.
by High-Tech Bridge SA