Exploitdb Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-110012 EXPLOITDB text VERIFIED
ocPortal 7.1.5 - 'redirect' Open Redirection
by Aung Khant
CVE-2012-3351 EXPLOITDB MEDIUM text VERIFIED
JW Player < 5.10.2295 - Cross-Site Scripting via Link or Logo Parameters
Multiple cross-site scripting (XSS) vulnerabilities in LongTail Video JW Player through 5.10.2295 allow remote attackers to inject arbitrary web script or HTML via the (1) link, (2) logo.link, or (3) aboutlink parameter, or a nested URI scheme name for (4) javascript, (5) asfunction, or (6) vbscript.
by MustLive
CVSS 6.1
EIP-2026-106873 EXPLOITDB text VERIFIED
eNdonesia - 'cid' SQL Injection
by Crim3R
EIP-2026-110940 EXPLOITDB text VERIFIED
phpBB - Multiple SQL Injections
by HauntIT
EIP-2026-112586 EXPLOITDB text VERIFIED
tekno.Portal 0.1b - 'anket.php' SQL Injection
by Socket_0x03
EIP-2026-108813 EXPLOITDB text VERIFIED
Joomla! Component Odudeprofile 2.8 - 'profession' SQL Injection
by Daniel Barragan
EIP-2026-113772 EXPLOITDB text VERIFIED
WordPress Plugin Front End Upload 0.5.4.4 - Arbitrary '.PHP' File Upload
by Chris Kellum
EIP-2026-111185 EXPLOITDB text VERIFIED
phpProfiles - Multiple Vulnerabilities
by L0n3ly-H34rT
CVE-2012-2956 EXPLOITDB text VERIFIED
SpiceWorks 5.3.75941 - SQL Injection
SQL injection vulnerability in SpiceWorks 5.3.75941 allows remote authenticated users to execute arbitrary SQL commands via the id parameter to api_v2.json. NOTE: this entry was SPLIT per ADT2 due to different vulnerability types. CVE-2012-6658 is for the XSS.
by dookie
CVE-2012-6658 EXPLOITDB text VERIFIED
SpiceWorks 5.3.75941 - Cross-Site Scripting via SNMP Configuration Parameters
Multiple cross-site scripting (XSS) vulnerabilities in SpiceWorks 5.3.75941 allow remote attackers to inject arbitrary web script or HTML via the (1) syslocation, (2) syscontact, or (3) sysName configuration in snmpd.conf. NOTE: this entry was SPLIT from CVE-2012-2956 per ADT2 due to different vulnerability types.
by dookie
CVE-2012-2961 EXPLOITDB text VERIFIED
Symantec Web Gateway <5.0.3.18 - SQL Injection
SQL injection vulnerability in the management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
by muts
EIP-2026-109801 EXPLOITDB text
MySQL Squid Access Report 2.1.4 - HTML Injection
by Daniel Godoy
EIP-2026-103261 EXPLOITDB text VERIFIED
Atmail WebAdmin and Webmail Control Panel - SQL Root Password Disclosure
by Ciph3r
CVE-2012-2570 EXPLOITDB text VERIFIED
X-Cart Gold 4.5 - Cross-Site Scripting via products_map.php symb Parameter
Cross-site scripting (XSS) vulnerability in products_map.php in X-Cart Gold 4.5 allows remote attackers to inject arbitrary web script or HTML via the symb parameter.
by muts
CVE-2012-2570 EXPLOITDB text VERIFIED
X-Cart Gold 4.5 - Cross-Site Scripting via products_map.php symb Parameter
Cross-site scripting (XSS) vulnerability in products_map.php in X-Cart Gold 4.5 allows remote attackers to inject arbitrary web script or HTML via the symb parameter.
by Am!r
EIP-2026-116060 EXPLOITDB text
PHP 6.0 - 'openssl_verify()' Local Buffer Overflow (PoC)
by Yakir Wizman
EIP-2026-116028 EXPLOITDB text
Oxide WebServer 2.0.4 - Denial of Service
by SecPod Research
CVE-2012-1769 EXPLOITDB text VERIFIED
Oracle Fusion Middleware 8.3.5 and 8.3.7 - Denial of Service in Outside In Filters
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2012-1766, CVE-2012-1767, CVE-2012-1770, CVE-2012-1771, CVE-2012-1772, CVE-2012-1773, CVE-2012-3106, CVE-2012-3107, CVE-2012-3108, and CVE-2012-3110.
by Francis Provencher
CVE-2012-1770 EXPLOITDB text VERIFIED
Oracle Fusion Middleware 8.3.5 and 8.3.7 - Denial of Service in Outside In Filters
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2012-1766, CVE-2012-1767, CVE-2012-1769, CVE-2012-1771, CVE-2012-1772, CVE-2012-1773, CVE-2012-3106, CVE-2012-3107, CVE-2012-3108, and CVE-2012-3110.
by Francis Provencher
CVE-2012-1744 EXPLOITDB text VERIFIED
Oracle Outside In Tech <8.3.5,8.3.7 - DoS
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent users to affect availability via unknown vectors related to Outside In Filters.
by Francis Provencher
EIP-2026-110884 EXPLOITDB text
PHP-Nuke module (SPChat) - SQL Injection
by Yakir Wizman
EIP-2026-109258 EXPLOITDB text VERIFIED
Maian Survey - '/index.php' URI redirection / Local File Inclusion
by PuN!Sh3r
EIP-2026-107709 EXPLOITDB text
iBoutique 4.0 - 'key' SQL Injection
by SecPod Research
CVE-2012-5851 EXPLOITDB text VERIFIED
WebKit - Cross-Site Scripting Bypass via Reflected Data
html/parser/XSSAuditor.cpp in WebCore in WebKit, as used in Google Chrome through 22 and Safari 5.1.7, does not consider all possible output contexts of reflected data, which makes it easier for remote attackers to bypass a cross-site scripting (XSS) protection mechanism via a crafted string, aka rdar problem 12019108.
by Tushar Dalvi
EIP-2026-108365 EXPLOITDB text VERIFIED
Joomla! Component com_hello - 'Controller' Local File Inclusion
by AJAX Security Team