Exploitdb Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2012-4878 EXPLOITDB text VERIFIED
FlatnuX CMS 2011 08.09.2 - Path Traversal
Absolute path traversal vulnerability in controlcenter.php in FlatnuX CMS 2011 08.09.2 allows remote administrators to read arbitrary files via a full pathname in the dir parameter in a contents/Files action.
by Vulnerability Laboratory
CVE-2012-4889 EXPLOITDB text VERIFIED
ManageEngine Firewall Analyzer 7.2 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Firewall Analyzer 7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) subTab or (2) tab parameter to createAnomaly.do; (3) url, (4) subTab, or (5) tab parameter to mindex.do; (6) tab parameter to index2.do; or (7) port parameter to syslogViewer.do.
by Vulnerability Research Laboratory
CVE-2012-4889 EXPLOITDB text VERIFIED
ManageEngine Firewall Analyzer 7.2 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Firewall Analyzer 7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) subTab or (2) tab parameter to createAnomaly.do; (3) url, (4) subTab, or (5) tab parameter to mindex.do; (6) tab parameter to index2.do; or (7) port parameter to syslogViewer.do.
by Vulnerability Research Laboratory
CVE-2012-4889 EXPLOITDB text VERIFIED
ManageEngine Firewall Analyzer 7.2 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Firewall Analyzer 7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) subTab or (2) tab parameter to createAnomaly.do; (3) url, (4) subTab, or (5) tab parameter to mindex.do; (6) tab parameter to index2.do; or (7) port parameter to syslogViewer.do.
by Vulnerability Research Laboratory
CVE-2012-4889 EXPLOITDB text VERIFIED
ManageEngine Firewall Analyzer 7.2 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Firewall Analyzer 7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) subTab or (2) tab parameter to createAnomaly.do; (3) url, (4) subTab, or (5) tab parameter to mindex.do; (6) tab parameter to index2.do; or (7) port parameter to syslogViewer.do.
by Vulnerability Research Laboratory
CVE-2012-5899 EXPLOITDB text VERIFIED
SAMEDIA LandShop 0.9.2 - Cross-Site Scripting via OTR_HEADS Parameter
Cross-site scripting (XSS) vulnerability in admin/action/objects.php in SAMEDIA LandShop 0.9.2 allows remote attackers to inject arbitrary web script or HTML via the OTR_HEADS[] parameter in an edit action. NOTE: some of these details are obtained from third party information.
by Vulnerability-Lab
CVE-2012-5898 EXPLOITDB text VERIFIED
SAMEDIA LandShop 0.9.2 - Cross-Site Request Forgery
Cross-site request forgery (CSRF) vulnerability in SAMEDIA LandShop 0.9.2 allows remote attackers to hijack the authentication of administrators for requests that change account settings.
by Vulnerability-Lab
CVE-2012-0406 EXPLOITDB text VERIFIED
EMC Data Protection Advisor 5.5-5.8 SP1 - Denial of Service via Malformed AUTHENTICATECONNECTION Command
The DPA_Utilities.cProcessAuthenticationData function in EMC Data Protection Advisor (DPA) 5.5 through 5.8 SP1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an AUTHENTICATECONNECTION command that (1) lacks a password field or (2) has an empty password.
by Luigi Auriemma
CVE-2012-2109 EXPLOITDB text VERIFIED
BuddyPress 1.5.x < 1.5.5 - SQL Injection via Activity Widget Filter Page Parameter
SQL injection vulnerability in wp-load.php in the BuddyPress plugin 1.5.x before 1.5.5 of WordPress allows remote attackers to execute arbitrary SQL commands via the page parameter in an activity_widget_filter action.
by Ivan Terkin
EIP-2026-113456 EXPLOITDB text VERIFIED
Woltlab Burning Board 2.2/2.3 [WN]KT KickTipp 3.1 - SQL Injection
by Easy Laster
CVE-2012-5900 EXPLOITDB text VERIFIED
SAMEDIA LandShop 0.9.2 - SQL Injection via OB_ID, AREA_ID, or start Parameter
Multiple SQL injection vulnerabilities in SAMEDIA LandShop 0.9.2 allow remote attackers to execute arbitrary SQL commands via the (1) OB_ID parameter in a single action to admin/action/objects.php, (2) AREA_ID parameter in a single action to admin/action/areas.php, or (3) start parameter in a show action to admin/action/pdf.php.
by Vulnerability-Lab
EIP-2026-102589 EXPLOITDB text VERIFIED
Flock 2.6.1 - Denial of Service
by r45c4l
CVE-2012-0407 EXPLOITDB text VERIFIED
EMC Data Protection Advisor 5.5-5.8 SP1 - Denial of Service via Integer Overflow in DPA_Utilities Library
Integer overflow in the DPA_Utilities library in EMC Data Protection Advisor (DPA) 5.5 through 5.8 SP1 allows remote attackers to cause a denial of service (infinite loop) via a negative 64-bit value in a certain size field.
by Luigi Auriemma
CVE-2012-1613 EXPLOITDB text VERIFIED
Coppermine Photo Gallery < 1.5.20 - Authenticated Cross-Site Scripting via Keywords Parameter
Cross-site scripting (XSS) vulnerability in edit_one_pic.php in Coppermine Photo Gallery before 1.5.20 allows remote authenticated users with certain privileges to inject arbitrary web script or HTML via the keywords parameter.
by waraxe
EIP-2026-116892 EXPLOITDB text
Bitsmith PS Knowbase 3.2.3 - Local Buffer Overflow
by Vulnerability-Lab
CVE-2012-1979 EXPLOITDB text VERIFIED
SyndeoCMS < 3.0.01 - Authenticated Stored Cross-Site Scripting via Email Parameter
Cross-site scripting (XSS) vulnerability in starnet/index.php in SyndeoCMS 3.0.01 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the email parameter (aka Email address field) in an edit_user configuration action.
by Ivano Binetti
EIP-2026-110684 EXPLOITDB text VERIFIED
PHP Designer 2007 Personal - Multiple SQL Injections
by MR.XpR
EIP-2026-108037 EXPLOITDB text VERIFIED
JamWiki 1.1.5 - 'num' Cross-Site Scripting
by Sooraj K.S
EIP-2026-106660 EXPLOITDB text VERIFIED
e107 1.0 - 'view' SQL Injection
by Am!r
CVE-2012-5891 EXPLOITDB text VERIFIED
DAlbum < 1.44 - Cross-Site Request Forgery in User Management
Multiple cross-site request forgery (CSRF) vulnerabilities in photo/pass.php in DAlbum 1.44 build 174 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add a user via an add action, (2) change user passwords via a change action, or (3) delete a user via a delete action.
by Ahmed Elhady Mohamed
CVE-2012-1614 EXPLOITDB text VERIFIED
Coppermine Photo Gallery < 1.5.20 - Exposure of Sensitive Information via Error Message
Coppermine Photo Gallery before 1.5.20 allows remote attackers to obtain sensitive information via (1) a direct request to plugins/visiblehookpoints/index.php, an invalid (2) page or (3) cat parameter to thumbnails.php, an invalid (4) page parameter to usermgr.php, or an invalid (5) newer_than or (6) older_than parameter to search.inc.php, which reveals the installation path in an error message.
by waraxe
EIP-2026-105247 EXPLOITDB text VERIFIED
ArticleSetup - Multiple Persistence Cross-Site Scripting / SQL Injections
by SecPod Research
CVE-2012-5903 EXPLOITDB text VERIFIED
Simple Machines Forum 2.0.2 - Cross-Site Scripting via Scheduled Parameter
Cross-site scripting (XSS) vulnerability in Simple Machines Forum (SMF) 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the scheduled parameter to index.php.
by Am!r
CVE-2012-1597 EXPLOITDB text VERIFIED
ezjscore < 1.4 - Cross-Site Scripting via textEncode Function
Cross-site scripting (XSS) vulnerability in the textEncode function in classes/ezjscajaxcontent.php in eZ JS Core in eZ Publish before 1.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
by Yann MICHARD
EIP-2026-106730 EXPLOITDB text VERIFIED
EasyPHP - 'main.php' SQL Injection
by Skote Vahshat