Text Exploits

31,386 exploits tracked across all sources.

CVE-2012-2939 EXPLOITDB text VERIFIED
Travelon Express 6.2.2 - Authenticated Arbitrary File Upload via airline-edit.php hotel-image-add.php or hotel-add.php
Multiple unrestricted file upload vulnerabilities in Travelon Express 6.2.2 allow remote authenticated users to execute arbitrary code by uploading a file with an executable extension using (1) airline-edit.php, (2) hotel-image-add.php, or (3) hotel-add.php.
by Vulnerability-Lab
CVE-2012-4279 EXPLOITDB text VERIFIED
Free Realty 3.1-0.6 - SQL Injection via Agent Display or Admin Edit Parameters
Multiple SQL injection vulnerabilities in Free Realty 3.1-0.6 allow remote attackers to execute arbitrary SQL commands via the (1) view parameter to agentdisplay.php or (2) edit parameter to admin/admin.php.
by Vulnerability-Lab
CVE-2012-4278 EXPLOITDB text VERIFIED
Free Realty 3.1-0.6 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Free Realty 3.1-0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) notes parameter to (a) admin/agenteditor.php; (2) title, (3) previewdesc, (4) fulldesc, or (5) notes parameter (b) to agentadmin.php or (c) in an addlisting action to agentadmin.php; or unspecified vectors to (d) admin/adminfeatures.php.
by Vulnerability-Lab
CVE-2012-4265 EXPLOITDB text
Proman Xpress 5.0.1 - SQL Injection via category_edit.php cid Parameter
SQL injection vulnerability in category_edit.php in Proman Xpress 5.0.1 allows remote attackers to execute arbitrary SQL commands via the cid parameter.
by Vulnerability-Lab
CVE-2012-2938 EXPLOITDB text VERIFIED
Travelon Express 6.2.2 - Cross-Site Scripting via Holiday Name Field
Multiple cross-site scripting (XSS) vulnerabilities in Travelon Express 6.2.2 allow remote attackers to inject arbitrary web script or HTML via the holiday name field to (1) holiday_add.php or (2) holiday_view.php.
by Vulnerability-Lab
CVE-2012-2908 EXPLOITDB text
Viscacha 0.8.1.1 - SQL Injection via bbcodeexample, buttonimage, or bbcodetag Parameter
Multiple SQL injection vulnerabilities in admin/bbcodes.php in Viscacha 0.8.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) bbcodeexample, (2) buttonimage, or (3) bbcodetag parameter.
by Vulnerability-Lab
CVE-2012-2371 EXPLOITDB text VERIFIED
WP-FaceThumb 0.1 - Cross-Site Scripting via Pagination Parameter
Cross-site scripting (XSS) vulnerability in index.php in the WP-FaceThumb plugin 0.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the pagination_wp_facethumb parameter.
by d3v1l
CVE-2012-2909 EXPLOITDB text
Viscacha 0.8.1.1 - Stored Cross-Site Scripting via Private Messages, Bad Word, Portal, or Topic Fields
Multiple cross-site scripting (XSS) vulnerabilities in Viscacha 0.8.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) text field in the Private Messages System, (2) Bad Word field in Zensur, or (3) Portal or (4) Topic field in Kommentar.
by Vulnerability-Lab
CVE-2012-4281 EXPLOITDB text VERIFIED
Travelon Express 6.2.2 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in Travelon Express 6.2.2 allow remote attackers to execute arbitrary SQL commands via the hid parameter to (1) holiday.php or (2) holiday_book.php, (3) id parameter to pages.php, (4) fid parameter to admin/airline-edit.php, or (5) cid parameter to admin/customer-edit.php.
by Vulnerability-Lab
CVE-2012-4266 EXPLOITDB text
Proman Xpress 5.0.1 - Cross-Site Scripting via cl_comments Parameter
Cross-site scripting (XSS) vulnerability in client_details.php in Proman Xpress 5.0.1 allows remote attackers to inject arbitrary web script or HTML via the cl_comments parameter. NOTE: some of these details are obtained from third party information.
by Vulnerability-Lab
CVE-2012-2338 EXPLOITDB text VERIFIED
Galette 0.63-0.64rc1 - SQL Injection via id_adh Parameter
SQL injection vulnerability in includes/picture.class.php in Galette 0.63, 0.63.1, 0.63.2, 0.63.3, and 0.64rc1 allows remote attackers to execute arbitrary SQL commands via the id_adh parameter to picture.php.
by sbz
CVE-2012-4280 EXPLOITDB text VERIFIED
Free Realty 3.1-0.6 - Cross-Site Request Forgery in Agent Editor
Multiple cross-site request forgery (CSRF) vulnerabilities in admin/agenteditor.php in Free Realty 3.1-0.6 allow remote attackers to hijack the authentication of administrators for requests that (1) add an agent via an addagent action or (2) modify an agent.
by Vulnerability-Lab
EIP-2026-102392 EXPLOITDB text
Liferay Portal 6.0.x < 6.1 - Privilege Escalation
by Jelmer Kuperus
CVE-2012-4267 EXPLOITDB text VERIFIED
Sockso < 1.5 - Stored Cross-Site Scripting via User Registration Name Parameter
Cross-site scripting (XSS) vulnerability in user/register in Sockso 1.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the name parameter.
by Ciaran McNally
EIP-2026-116118 EXPLOITDB text VERIFIED
QNX phrelay/phindows/phditto - Multiple Vulnerabilities
by Luigi Auriemma
CVE-2012-2765 EXPLOITDB text
Belkin F5D7234-4 v5 G Wireless Router - Remote Hash Exposed
by Avinash Tangirala
CVE-2012-2923 EXPLOITDB text
Hypermethod eLearning Server 4G - SQL Injection
SQL injection vulnerability in news.php4 in Hypermethod eLearning Server 4G allows remote attackers to execute arbitrary SQL commands via the nid parameter.
by Andrey Komarov
EIP-2026-108994 EXPLOITDB text
Kerio WinRoute Firewall Web Server < 6 - Source Code Disclosure
by Andrey Komarov
CVE-2012-2924 EXPLOITDB text
Hypermethod eLearning Server 4G - RCE
PHP remote file inclusion vulnerability in admin/setup.inc.php in Hypermethod eLearning Server 4G allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
by Andrey Komarov
CVE-2012-2919 EXPLOITDB text VERIFIED
Chevereto 1.9.1 - Path Traversal via Upload Engine v Parameter
Directory traversal vulnerability in Upload/engine.php in Chevereto 1.9.1 allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) in the v parameter.
by AkaStep
CVE-2012-2918 EXPLOITDB text VERIFIED
Chevereto 1.91 - Cross-Site Scripting via Upload Engine v Parameter
Cross-site scripting (XSS) vulnerability in Upload/engine.php in Chevereto 1.91 allows remote attackers to inject arbitrary web script or HTML via the v parameter.
by AkaStep
CVE-2012-2612 EXPLOITDB text VERIFIED
SAP NetWeaver 7.0 EHP1 and EHP2 - Denial of Service via Crafted SAP Diag Packet
The DiagTraceHex function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet.
by Core Security
EIP-2026-115132 EXPLOITDB text VERIFIED
DecisionTools SharpGrid - ActiveX Control Remote Code Execution
by Francis Provencher
CVE-2012-6047 EXPLOITDB text VERIFIED
x7_chat < 2.0.5.1 - Cross-Site Request Forgery via Admin Panel User Group Addition
Cross-site request forgery (CSRF) vulnerability in X7 Chat 2.0.5.1 and earlier allows remote attackers to hijack the authentication of administrators for requests that add a user to an arbitrary group via the users page in an adminpanel action to index.php.
by DennSpec
CVE-2012-2274 EXPLOITDB text VERIFIED
PivotX < 2.3.2 - Cross-Site Scripting via File Parameter
Cross-site scripting (XSS) vulnerability in pivotx/ajaxhelper.php in PivotX 2.3.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the file parameter.
by High-Tech Bridge SA