Exploitdb Exploits

31,342 exploits tracked across all sources.

CVE-2012-2919 EXPLOITDB text VERIFIED
Chevereto 1.9.1 - Path Traversal
Directory traversal vulnerability in Upload/engine.php in Chevereto 1.9.1 allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) in the v parameter.
by AkaStep
CVE-2012-2918 EXPLOITDB text VERIFIED
Chevereto 1.91 - XSS
Cross-site scripting (XSS) vulnerability in Upload/engine.php in Chevereto 1.91 allows remote attackers to inject arbitrary web script or HTML via the v parameter.
by AkaStep
CVE-2012-2612 EXPLOITDB text VERIFIED
SAP NetWeaver <7.0 EHP2 - DoS
The DiagTraceHex function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet.
by Core Security
EIP-2026-115132 EXPLOITDB text VERIFIED
DecisionTools SharpGrid - ActiveX Control Remote Code Execution
by Francis Provencher
CVE-2012-6047 EXPLOITDB text VERIFIED
X7 Group X7 Chat < 2.0.5.1 - CSRF
Cross-site request forgery (CSRF) vulnerability in X7 Chat 2.0.5.1 and earlier allows remote attackers to hijack the authentication of administrators for requests that add a user to an arbitrary group via the users page in an adminpanel action to index.php.
by DennSpec
CVE-2012-2274 EXPLOITDB text VERIFIED
Pivotx < 2.3.2 - XSS
Cross-site scripting (XSS) vulnerability in pivotx/ajaxhelper.php in PivotX 2.3.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the file parameter.
by High-Tech Bridge SA
CVE-2012-1507 EXPLOITDB text VERIFIED
Orangehrm < 2.6.12.1 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in OrangeHRM before 2.7 allow remote attackers to inject arbitrary web script or HTML via the (1) newHspStatus parameter to plugins/ajaxCalls/haltResumeHsp.php, (2) sortOrder1 parameter to templates/hrfunct/emppop.php, or (3) uri parameter to index.php.
by High-Tech Bridge SA
CVE-2012-1506 EXPLOITDB text VERIFIED
Orangehrm < 2.6.12.1 - SQL Injection
SQL injection vulnerability in the updateStatus function in lib/models/benefits/Hsp.php in OrangeHRM before 2.7 allows remote authenticated users to execute arbitrary SQL commands via the hspSummaryId parameter to plugins/ajaxCalls/haltResumeHsp.php. NOTE: some of these details are obtained from third party information.
by High-Tech Bridge SA
CVE-2012-2332 EXPLOITDB text VERIFIED
Serendipity <1.6.1 - SQL Injection
SQL injection vulnerability in serendipity/serendipity_admin.php in Serendipity before 1.6.1 allows remote attackers to execute arbitrary SQL commands via the serendipity[plugin_to_conf] parameter. NOTE: this issue might be resultant from cross-site request forgery (CSRF).
by Stefan Schurtz
EIP-2026-101352 EXPLOITDB text VERIFIED
Linksys WRT54GL Wireless Router - Cross-Site Request Forgery
by Kalashinkov3
CVE-2012-4260 EXPLOITDB text VERIFIED
Hccgmbh Mycare2x - SQL Injection
Multiple SQL injection vulnerabilities in myCare2x allow remote attackers to execute arbitrary SQL commands via the (1) aktion or (2) callurl parameter to modules/patient/mycare2x_pat_info.php; (3) dept_nr or (4) pid parameter to modules/importer/mycare2x_importer.php; (5) myOpsEintrag or (6) keyword parameter in a Suchen action to modules/drg/mycare2x_proc_search.php; or (7) name_last or (8) pid parameter to modules/patient/mycare_pid.php.
by Vulnerability-Lab
CVE-2012-4282 EXPLOITDB text VERIFIED
Toocharger Trombinoscope - SQL Injection
SQL injection vulnerability in photo.php in Trombinoscope 3.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Ramdan Yantu
CVE-2012-6045 EXPLOITDB text VERIFIED
Ramui Forum - XSS
Cross-site scripting (XSS) vulnerability in gb/user/index.php in Ramui Forum, possibly 1.0 Beta, allows remote attackers to inject arbitrary web script or HTML via the query parameter.
by 3spi0n
CVE-2012-2925 EXPLOITDB text VERIFIED
Simple PHP Agenda 2.2.8 - SQL Injection
SQL injection vulnerability in engine.php in Simple PHP Agenda 2.2.8 allows remote attackers to execute arbitrary SQL commands via the priority parameter in an addTodo action.
by loneferret
CVE-2012-4258 EXPLOITDB text VERIFIED
Myrephp Myre Real Estate Software - SQL Injection
Multiple SQL injection vulnerabilities in MYRE Real Estate Software (2012 Q2) allow remote attackers to execute arbitrary SQL commands via the (1) link_idd parameter to 1_mobile/listings.php or (2) userid parameter to 1_mobile/agentprofile.php.
by Vulnerability-Lab
CVE-2012-4262 EXPLOITDB text VERIFIED
Hccgmbh Mycare2x - XSS
Multiple cross-site scripting (XSS) vulnerabilities in myCare2x allow remote attackers to inject arbitrary web script or HTML via the (1) name_last, (2) name_first, (3) name_middle, or (4) name_maiden parameter to modules/patient/mycare_pid.php; (5) favorites or (6) lang parameter to modules/nursing/mycare_ward_print.php; (7) aktion or (8) callurl parameter to modules/patient/mycare2x_pat_info.php; or (9) ln parameter to modules/drg/mycare2x_proc_search.php.
by Vulnerability-Lab
EIP-2026-108092 EXPLOITDB text VERIFIED
JibberBook 2.3 - 'Login_form.php' Authentication Bypass
by L3b-r1'z
EIP-2026-107379 EXPLOITDB text
Genium CMS 2012/Q2 - Multiple Vulnerabilities
by Vulnerability-Lab
EIP-2026-100846 EXPLOITDB text
Lynx Message Server - Multiple Vulnerabilities
by Mark Lachniet
EIP-2026-100329 EXPLOITDB text
Fortinet FortiWeb Web Application Firewall - Policy Bypass
by Geffrey Velasquez
CVE-2012-1990 EXPLOITDB text VERIFIED
Schneider-electric Kerweb < 3.0 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Schneider Electric Kerweb before 3.0.1 and Kerwin before 6.0.1 allow remote attackers to inject arbitrary web script or HTML via (1) the evtvariablename parameter in an evts.xml action to kw.dll, (2) unspecified search fields, or (3) unspecified content-display fields.
by phocean
EIP-2026-112520 EXPLOITDB text
Symantec Web Gateway - Cross-Site Scripting
by B00y@
CVE-2012-3837 EXPLOITDB text VERIFIED
Babygekko Baby Gekko < 1.2.0 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in apps/users/registration.template.php in Baby Gekko 1.2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) username, (2) email_address, (3) password, (4) password_verify, (5) firstname, (6) lastname, or (7) verification_code parameter to users/action/register. NOTE: some of these details are obtained from third party information.
by LiquidWorm