Exploitdb Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-114517 EXPLOITDB text VERIFIED
Yellow Duck Framework 2.0 Beta1 - Local File Disclosure
by L3b-r1'z
EIP-2026-111848 EXPLOITDB text VERIFIED
Ruubikcms 1.1.x - Cross-Site Scripting / Information Disclosure / Directory Traversal
by AkaStep
CVE-2012-2452 EXPLOITDB MEDIUM text VERIFIED
pragmaMx 1.0-1.12.1 - Cross-Site Scripting via Name Parameter or Image URL
Multiple cross-site scripting (XSS) vulnerabilities in pragmaMx 1.x before 1.12.2 allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter to modules.php or (2) img_url to includes/wysiwyg/spaw/editor/plugins/imgpopup/img_popup.php.
by High-Tech Bridge SA
CVSS 6.1
CVE-2012-2452 EXPLOITDB MEDIUM text VERIFIED
pragmaMx 1.0-1.12.1 - Cross-Site Scripting via Name Parameter or Image URL
Multiple cross-site scripting (XSS) vulnerabilities in pragmaMx 1.x before 1.12.2 allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter to modules.php or (2) img_url to includes/wysiwyg/spaw/editor/plugins/imgpopup/img_popup.php.
by High-Tech Bridge SA
CVSS 6.1
CVE-2012-2436 EXPLOITDB text VERIFIED
Pligg CMS < 1.2.2 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Pligg CMS before 1.2.2 allow remote attackers to inject arbitrary web script or HTML via (1) an arbitrary parameter in a move or (2) minimize action to admin/admin_index.php; (3) the karma_username parameter to module.php in the karma module; (4) q_1_low, (5) q_1_high, (6) q_2_low, or (7) q_2_high parameter in a configure action to module.php in the captcha module; or (8) the edit parameter to module.php in the admin_language module.
by High-Tech Bridge SA
EIP-2026-111019 EXPLOITDB text VERIFIED
phpCollab 2.5 - Database Backup Information Disclosure
by team ' & 1=1--
EIP-2026-105059 EXPLOITDB text VERIFIED
Ajaxmint Gallery 1.0 - Local File Inclusion
by AkaStep
CVE-2007-6587 EXPLOITDB text VERIFIED
Plogger 1.0 Beta 3.0 - SQL Injection
SQL injection vulnerability in plog-rss.php in Plogger 1.0 Beta 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Eyup CELIK
CVE-2012-2385 EXPLOITDB text VERIFIED
mosh < 1.2.1 - Authenticated Denial of Service via Escape Sequence with Large Repeat Count
The terminal dispatcher in mosh before 1.2.1 allows remote authenticated users to cause a denial of service (long loop and CPU consumption) via an escape sequence with a large repeat count value.
by Timo Juhani Lindfors
CVE-2012-2941 EXPLOITDB text VERIFIED
Yandex.Server 2010 9.0 Enterprise - XSS
Cross-site scripting (XSS) vulnerability in search/ in Yandex.Server 2010 9.0 Enterprise allows remote attackers to inject arbitrary web script or HTML via the text parameter.
by MustLive
CVE-2012-6557 EXPLOITDB text VERIFIED
AboutMe plugin 1.1.1 for Vanilla Forums - Stored Cross-Site Scripting via Edit My Details Parameters
Multiple cross-site scripting (XSS) vulnerabilities in the AboutMe plugin 1.1.1 for Vanilla Forums allow remote attackers to inject arbitrary web script or HTML via the (1) AboutMe/RealName, (2) AboutMe/Name, (3) AboutMe/Quote, (4) AboutMe/Loc, (5) AboutMe/Emp, (6) AboutMe/JobTit, (7) AboutMe/HS, (8) AboutMe/Col, (9) AboutMe/Bio, (10) AboutMe/Inter, (11) AboutMe/Mus, (12) AboutMe/Gam, (13) AboutMe/Mov, (14) AboutMe/FTV, or (15) AboutMe/Bks parameter to the Edit My Details page. NOTE: some of these details are obtained from third party information.
by Henry Hoggard
CVE-2012-6556 EXPLOITDB text VERIFIED
FirstLastNames 1.1.1 - Cross-Site Scripting via User FirstName or LastName Parameter
Multiple cross-site scripting (XSS) vulnerabilities in the FirstLastNames plugin 1.1.1 for Vanilla Forums allow remote attackers to inject arbitrary web script or HTML via the (1) User/FirstName or (2) User/LastName parameter to the edit user page. NOTE: some of these details are obtained from third party information.
by Henry Hoggard
EIP-2026-111074 EXPLOITDB text VERIFIED
PHPhq.Net phAlbum 1.5.1 - 'index.php' Cross-Site Scripting
by Eyup CELIK
EIP-2026-100099 EXPLOITDB text VERIFIED
Acuity CMS 2.6.2 - '/admin/file_manager/file_upload_submit.asp' Multiple Arbitrary File Upload / Code Executions
by Aung Khant
EIP-2026-100098 EXPLOITDB text VERIFIED
Acuity CMS 2.6.2 - '/admin/file_manager/browse.asp?path' Traversal Arbitrary File Access
by Aung Khant
EIP-2026-106129 EXPLOITDB text VERIFIED
Concrete5 CMS FlashUploader - Arbitrary '.SWF' File Upload
by AkaStep
EIP-2026-105341 EXPLOITDB text VERIFIED
AZ Photo Album - Cross-Site Scripting / Arbitrary File Upload
by Eyup CELIK
CVE-2012-6559 EXPLOITDB text
FreeNAC 3.02 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in FreeNAC 3.02 allow remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) mac, (3) graphtype, (4) name, or (5) type parameter to stats.php; or (6) comment parameter to deviceadd.php.
by blake
EIP-2026-110639 EXPLOITDB text VERIFIED
PHP Address Book 7.0.0 - Multiple Vulnerabilities
by Stefan Schurtz
CVE-2012-6560 EXPLOITDB text
FreeNAC 3.02 - SQL Injection via Device Add Status Parameter
SQL injection vulnerability in deviceadd.php in FreeNAC 3.02 allows remote attackers to execute arbitrary SQL commands via the status parameter.
by blake
CVE-2012-0181 EXPLOITDB text VERIFIED
Windows 7 and Windows Server 2008 - Privilege Escalation via Keyboard Layout File
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly manage Keyboard Layout files, which allows local users to gain privileges via a crafted application, aka "Keyboard Layout File Vulnerability."
by Cr4sh
CVE-2012-6555 EXPLOITDB text VERIFIED
LatestComment 1.1 - Cross-Site Scripting via Discussion Title
Cross-site scripting (XSS) vulnerability in the LatestComment plugin 1.1 for Vanilla Forums allows remote attackers to inject arbitrary web script or HTML via the discussion title.
by Henry Hoggard
CVE-2012-2271 EXPLOITDB text VERIFIED
SkinCrafter 3.0 - Buffer Overflow via InitLicenKeys reg_name Argument
Buffer overflow in the InitLicenKeys function in a certain ActiveX control in SkinCrafter3_vs2005.dll in SkinCrafter 3.0 allows remote attackers to execute arbitrary code via a long string in the first argument (aka the reg_name argument).
by saurabh sharma
EIP-2026-110638 EXPLOITDB text VERIFIED
PHP Address Book 7.0 - Multiple Cross-Site Scripting Vulnerabilities
by Stefan Schurtz
CVE-2012-2906 EXPLOITDB text VERIFIED
Artiphp CMS 5.5.0 Neo - Cross-Site Scripting via artpublic/recommandation/index.php Parameters
Multiple cross-site scripting (XSS) vulnerabilities in artpublic/recommandation/index.php in Artiphp CMS 5.5.0 Neo (r422) allow remote attackers to inject arbitrary web script or HTML via the (1) add_img_name_post, (2) asciiart_post, (3) expediteur, (4) titre_sav, or (5) z39d27af885b32758ac0e7d4014a61561 parameter.
by Gjoko Krstic