Exploitdb Exploits

31,342 exploits tracked across all sources.

CVE-2012-3836 EXPLOITDB text VERIFIED
Babygekko Baby Gekko < 1.1.5 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Baby Gekko before 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) groupname parameter in a savecategory action in the users module; (2) virtual_filename, (3) branch, (4) contact_person, (5) street, (6) city, (7) province, (8) postal, (9) country, (10) tollfree, (11) phone, (12) fax, or (13) mobile parameter in a saveitem action in the contacts module; (14) title parameter in a savecategory action in the menus module; (15) firstname or (16) lastname in a saveitem action in the users module; (17) meta_key or (18) meta_description in a saveitem action in the blog module; or (19) the PATH_INFO to admin/index.php.
by LiquidWorm
CVE-2012-2227 EXPLOITDB text
Pluxml < 5.1.5 - Path Traversal
Directory traversal vulnerability in update/index.php in PluXml before 5.1.6 allows remote attackers to include and execute arbitrary local files via a ..%2F (encoded dot dot slash) in the default_lang parameter.
by High-Tech Bridge SA
CVE-2012-3838 EXPLOITDB text VERIFIED
Babygekko Baby Gekko < 1.1.5 - Information Disclosure
Gekko before 1.2.0 allows remote attackers to obtain the installation path via a direct request to (1) admin/templates/babygekko/index.php or (2) templates/html5demo/index.php.
by LiquidWorm
EIP-2026-102528 EXPLOITDB text VERIFIED
OpenKM 5.1.7 - Cross-Site Request Forgery
by Cyrill Brunschwiler
CVE-2011-3479 EXPLOITDB text
Symantec pcAnywhere <12.5.3 - Privilege Escalation
Symantec pcAnywhere 12.5.x through 12.5.3, and IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), uses world-writable permissions for product-installation files, which allows local users to gain privileges by modifying a file.
by Edward Torkington
CVE-2012-3831 EXPLOITDB text
Milesj Decoda < 3.3 - XSS
Cross-site scripting (XSS) vulnerability in decoda/templates/video.php in Decoda before 3.3.1 allows remote attackers to inject arbitrary web script or HTML via multiple URLs in an img tag.
by RedTeam Pentesting
EIP-2026-101802 EXPLOITDB text VERIFIED
iGuard Security Access Control Device Firmware 3.6.7427A - Cross-Site Scripting
by Usman Saeed
EIP-2026-100933 EXPLOITDB text
Websense Triton - Multiple Vulnerabilities
by Ben Williams
CVE-2012-3839 EXPLOITDB text VERIFIED
Myclientbase - SQL Injection
Multiple SQL injection vulnerabilities in application/core/MY_Model.php in MyClientBase 0.12 allow remote attackers to execute arbitrary SQL commands via the (1) invoice_number or (2) tags parameter to index.php/invoice_search.
by Vulnerability-Lab
EIP-2026-114296 EXPLOITDB text VERIFIED
WordPress Plugin Zingiri Web Shop 2.4.2 - Persistent Cross-Site Scripting
by Mehmet Ince
EIP-2026-112445 EXPLOITDB text VERIFIED
STRATO NewsLetter Manager - Directory Traversal
by Zero X
EIP-2026-110266 EXPLOITDB text VERIFIED
opencart 1.5.2.1 - Multiple Vulnerabilities
by waraxe
CVE-2012-3840 EXPLOITDB text VERIFIED
Myclientbase - XSS
Multiple cross-site scripting (XSS) vulnerabilities in index.php/users/form/user_id in MyClientBase 0.12 allow remote attackers to inject arbitrary web script or HTML via the (1) first_name or (2) last_name parameters.
by Vulnerability-Lab
EIP-2026-107382 EXPLOITDB text VERIFIED
GENU CMS 2012.3 - Multiple SQL Injections
by Vulnerability-Lab
CVE-2012-6518 EXPLOITDB text VERIFIED
Diy-cms - CSRF
Cross-site request forgery (CSRF) vulnerability in mod.php in DiY-CMS 1.0 allows remote attackers to hijack the authentication of administrators for requests that create a poll via an add action to the poll module.
by Vulnerability-Lab
CVE-2012-6517 EXPLOITDB text VERIFIED
Diy-cms - XSS
Multiple cross-site scripting (XSS) vulnerabilities in DiY-CMS 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) question parameter to /modules/poll/add.php or (2) question or (3) answer parameter to modules/poll/edit.php.
by Vulnerability-Lab
CVE-2012-4598 EXPLOITDB text VERIFIED
McAfee Virtual Technician <6.4 - RCE
An unspecified ActiveX control in McAfee Virtual Technician (MVT) before 6.4, and ePO-MVT, allows remote attackers to execute arbitrary code or cause a denial of service (Internet Explorer crash) via a crafted web site.
by rgod
EIP-2026-114277 EXPLOITDB text VERIFIED
WordPress Plugin WPsc MijnPress - 'rwflush' Cross-Site Scripting
by Am!r
EIP-2026-110334 EXPLOITDB text
Opial CMS 2.0 - Multiple Vulnerabilities
by Vulnerability-Lab
CVE-2012-6519 EXPLOITDB text VERIFIED
Diy-cms - SQL Injection
SQL injection vulnerability in modules/poll/index.php in DIY-CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the start parameter to mod.php.
by Vulnerability-Lab
CVE-2012-6510 EXPLOITDB text
Netartmedia Car Portal - XSS
Multiple cross-site scripting (XSS) vulnerabilities in NetArt Media Car Portal 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) PWRS or (2) Description field when posting a new vehicle; (3) news title when creating news; (4) Name when creating a sub user; (5) group name when creating a group; or (6) dealer name, (7) first name, or (8) last name when changing a profile.
by Vulnerability-Lab
CVE-2012-4259 EXPLOITDB text
C4B Xphone Unified Communications 2011 - XSS
Cross-site scripting (XSS) vulnerability in the contacts in (1) XPhone UC Web and the (2) web frontend for XPhone Virtual Directory in C4B XPhone Unified Communications (UC) 2011 Web 4.1.890S R1 allows remote attackers to inject arbitrary web script or HTML via the company name. NOTE: some of these details are obtained from third party information.
by Vulnerability-Lab
CVE-2012-3834 EXPLOITDB text VERIFIED
Alienvault Open Source Security Information Management - SQL Injection
SQL injection vulnerability in forensics/base_qry_main.php in AlienVault Open Source Security Information Management (OSSIM) 3.1 allows remote authenticated users to execute arbitrary SQL commands via the time[0][0] parameter.
by Stefan Schurtz
EIP-2026-112310 EXPLOITDB text VERIFIED
Soco CMS - Local File Inclusion
by BHG Security Center
CVE-2012-3835 EXPLOITDB text VERIFIED
Alienvault Open Source Security Information Management - XSS
Multiple cross-site scripting (XSS) vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to top.php or (2) time[0][0] parameter to forensics/base_qry_main.php, which is not properly handled in an error page.
by Stefan Schurtz