Exploitdb Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2012-1915 EXPLOITDB MEDIUM text VERIFIED
CodeIgniter < 2.1.2 - Cross-Site Scripting via xss_clean() Filter Bypass
EllisLab CodeIgniter 2.1.2 allows remote attackers to bypass the xss_clean() Filter and perform XSS attacks.
by Krzysztof Kotowicz
CVSS 6.1
CVE-2012-4739 EXPLOITDB text VERIFIED
Barracuda SSL VPN < 2.2.2.203 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Barracuda SSL VPN before 2.2.2.203 (2012-07-05) allow remote attackers to inject arbitrary web script or HTML via the (1) policyLaunching, (2) resourcePrefix, or (3) actionPath parameter in showUserResourceCategories.do; (4) list or (5) path parameter to fileSystem.do; or (6) return-To parameter to launchAgent.do.
by Benjamin Kunz Mejri
CVE-2012-4739 EXPLOITDB text VERIFIED
Barracuda SSL VPN < 2.2.2.203 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Barracuda SSL VPN before 2.2.2.203 (2012-07-05) allow remote attackers to inject arbitrary web script or HTML via the (1) policyLaunching, (2) resourcePrefix, or (3) actionPath parameter in showUserResourceCategories.do; (4) list or (5) path parameter to fileSystem.do; or (6) return-To parameter to launchAgent.do.
by Benjamin Kunz Mejri
EIP-2026-107198 EXPLOITDB text
Forum Oxalis 0.1.2 - SQL Injection
by Jean Pascal Pereira
EIP-2026-105327 EXPLOITDB text VERIFIED
AVA VoIP - Multiple Vulnerabilities
by Ibrahim El-Sayed
EIP-2026-113233 EXPLOITDB text VERIFIED
web@all - 'name' Cross-Site Scripting
by Sammy FORGIT
EIP-2026-112952 EXPLOITDB text
VamCart CMS 0.9 - Multiple Vulnerabilities
by Vulnerability-Lab
EIP-2026-112105 EXPLOITDB text VERIFIED
Simple Machines 2.0.2 - Multiple HTML Injection Vulnerabilities
by Benjamin Kunz Mejri
EIP-2026-111670 EXPLOITDB text VERIFIED
Rama Zeiten CMS - 'download.php' Remote File Disclosure
by Sammy FORGIT
EIP-2026-110512 EXPLOITDB text
PBBoard CMS 2.1.4 - Multiple Vulnerabilities
by Vulnerability-Lab
EIP-2026-106932 EXPLOITDB text VERIFIED
Event Calender PHP - Multiple Input Validation Vulnerabilities
by snup
EIP-2026-106851 EXPLOITDB text VERIFIED
EmbryoCore CMS 1.03 - 'loadcss.php' Multiple Directory Traversal Vulnerabilities
by Sammy FORGIT
CVE-2012-4399 EXPLOITDB HIGH text VERIFIED
CakePHP 2.1.0-2.1.4 and 2.1.0-alpha-2.1.4 - XML External Entity Injection
The Xml class in CakePHP 2.1.x before 2.1.5 and 2.2.x before 2.2.1 allows remote attackers to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack.
by Pawel Wylecial
CVSS 7.5
EIP-2026-102104 EXPLOITDB text VERIFIED
Vivotek Cameras - Sensitive Information Disclosure
by GothicX
EIP-2026-106833 EXPLOITDB text VERIFIED
Elite Bulletin Board - Multiple SQL Injections
by ToXiC
EIP-2026-108466 EXPLOITDB text
Joomla! Component com_osproperty 2.0.2 - Unrestricted Arbitrary File Upload
by D4NB4R
CVE-2012-10049 EXPLOITDB CRITICAL text VERIFIED
WebPageTest < 2.6 - Remote Code Execution via Unrestricted File Upload in resultimage.php
WebPageTest version 2.6 and earlier contains an arbitrary file upload vulnerability in the resultimage.php script. The application fails to validate or sanitize user-supplied input before saving uploaded files to a publicly accessible directory. This flaw allows remote attackers to upload and execute arbitrary PHP code, resulting in full remote code execution under the web server context.
by dun
EIP-2026-114009 EXPLOITDB text
WordPress Plugin Resume Submissions & Job Postings 2.5.1 - Unrestricted Arbitrary File Upload
by Chris Kellum
EIP-2026-109240 EXPLOITDB text VERIFIED
Magento eCommerce - Local File Disclosure
by SEC Consult
EIP-2026-108426 EXPLOITDB text
Joomla! Component com_ksadvertiser - Remote File / Bypass Upload
by D4NB4R
CVE-2012-1858 EXPLOITDB text VERIFIED
Microsoft Lync 2010 and 2010 Attendee - Cross-Site Scripting via SafeHTML Component
The toStaticHTML API (aka the SafeHTML component) in Microsoft Internet Explorer 8 and 9, Communicator 2007 R2, and Lync 2010 and 2010 Attendee does not properly handle event attributes and script, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted HTML document, aka "HTML Sanitization Vulnerability."
by Adi Cohen
CVE-2010-4980 EXPLOITDB text
iScripts ReserveLogic 1.0 - SQL Injection
SQL injection vulnerability in packagedetails.php in iScripts ReserveLogic 1.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter.
by Vulnerability-Lab
EIP-2026-110594 EXPLOITDB text VERIFIED
Phonalisa - Multiple HTML Injection / Cross-Site Scripting Vulnerabilities
by Benjamin Kunz Mejri
EIP-2026-109082 EXPLOITDB text VERIFIED
Lc Flickr Carousel 1.0 - Local File Disclosure
by GoLd_M
EIP-2026-107659 EXPLOITDB text VERIFIED
House Style 0.1.2 - 'readfile()' Local File Disclosure
by GoLd_M