Exploitdb Exploits

31,342 exploits tracked across all sources.

EIP-2026-104808 EXPLOITDB text VERIFIED
11in1 CMS 1.2.1 - 'admin/comments?topicID' SQL Injection
by Chokri B.A
EIP-2026-109070 EXPLOITDB text VERIFIED
LastGuru ASP Guestbook - 'View.asp' SQL Injection
by demonalex
CVE-2012-5000 EXPLOITDB text
Witze addon 0.9 - SQL Injection
SQL injection vulnerability in jokes/index.php in the Witze addon 0.9 for deV!L'z Clanportal allows remote attackers to execute arbitrary SQL commands via the id parameter in a show action.
by Easy Laster
CVE-2012-4997 EXPLOITDB text
AneCMS - Path Traversal
Directory traversal vulnerability in acp/index.php in AneCMS allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the p parameter.
by I2sec-Jong Hwan Park
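The AneCMS entry above describes the classic local file inclusion shape: a page name taken from a request parameter and appended to a directory before being passed to include. The block below is an added illustration, not code from AneCMS or from the exploit author; the directory /var/www/acp/pages, the allowlist ALLOWED_PAGES and the function names are assumptions made for the example. It shows what the naive include resolves to for a traversal value and for an absolute path, then the hardened resolver with an allowlist plus a containment check.

```python
import posixpath

# Hypothetical layout: the admin panel includes pages from this directory via the 'p' parameter.
PAGES_DIR = "/var/www/acp/pages"
# Hypothetical allowlist of page names the panel legitimately serves.
ALLOWED_PAGES = {"dashboard", "users", "settings"}


def resolve_vulnerable(base_dir, p):
    """What a naive  include($base . $p . '.php')  ends up opening once the
    '..' components are collapsed. No check of any kind on p.
    posixpath.join discards base_dir entirely when p is an absolute path."""
    return posixpath.normpath(posixpath.join(base_dir, p + ".php"))


def is_within(base_dir, candidate):
    """Containment check: the normalised candidate must sit at or below base_dir.
    Comparing against base + '/' stops a sibling such as /var/www/acp/pages_old
    from passing a plain prefix test."""
    base = posixpath.normpath(base_dir)
    cand = posixpath.normpath(candidate)
    return cand == base or cand.startswith(base + "/")


def resolve_safe(base_dir, p):
    """Two independent layers: an allowlist of page names (the actual fix) and a
    containment check on the resulting path (defence in depth if the allowlist is
    ever loosened). Returns None when the request is rejected."""
    if p not in ALLOWED_PAGES:
        return None
    candidate = posixpath.normpath(posixpath.join(base_dir, p + ".php"))
    if not is_within(base_dir, candidate):
        return None
    return candidate


if __name__ == "__main__":
    for p in ("dashboard", "../../../../etc/passwd", "/etc/passwd"):
        print(repr(p), "->", resolve_vulnerable(PAGES_DIR, p), "| safe:", resolve_safe(PAGES_DIR, p))
```

The appended ".php" suffix is not a control on its own: on PHP releases before 5.3.4 a %00 in the parameter truncated the path at the null byte, and even on current PHP the suffix only restricts which files are included, not which directories. The allowlist is what removes the attacker's control over the path; the containment check is there so a later "just allow any name in the pages directory" change does not silently reopen the traversal.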
CVE-2012-4993 EXPLOITDB text
RivetTracker <1.03 - Info Disclosure
torrent_functions.php in RivetTracker 1.03 and earlier does not properly restrict access, which allows remote attackers to have an unspecified impact.
by Ali Raheem
CVE-2012-4992 EXPLOITDB text
FlashFXP 4.2 - RCE
Multiple buffer overflows in FlashFXP.exe in FlashFXP 4.2 allow remote authenticated users to execute arbitrary code via a long unicode string to (1) TListbox or (2) TComboBox.
by Vulnerability-Lab
CVE-2012-2105 EXPLOITDB text
Peter Kovacs Timesheet Next Gen - SQL Injection
Multiple SQL injection vulnerabilities in login.php in Timesheet Next Gen 1.5.2 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameters.
by G13
EIP-2026-106872 EXPLOITDB text
Endian UTM Firewall 2.4.x < 2.5.0 - Multiple Web Vulnerabilities
by Vulnerability-Lab
CVE-2012-4996 EXPLOITDB text
RivetTracker <1.03 - SQL Injection
Multiple SQL injection vulnerabilities in RivetTracker 1.03 and earlier allow remote attackers to execute arbitrary SQL commands via the hash parameter to (1) dltorrent.php or (2) torrent_functions.php.
by Ali Raheem
CVE-2012-4998 EXPLOITDB text VERIFIED
starCMS - XSS
Cross-site scripting (XSS) vulnerability in index.php in starCMS allows remote attackers to inject arbitrary web script or HTML via the q parameter.
by Am!r
CVE-2012-1124 EXPLOITDB CRITICAL text
phxEventManager 2.0 beta 5 - SQL Injection
SQL injection vulnerability in search.php in phxEventManager 2.0 beta 5 allows remote attackers to execute arbitrary SQL commands via the search_terms parameter.
by skysbsb
CVSS 9.8
CVE-2007-6752 EXPLOITDB text
Drupal <7.12 - CSRF
Cross-site request forgery (CSRF) vulnerability in Drupal 7.12 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that end a session via the user/logout URI. NOTE: the vendor disputes the significance of this issue, by considering the "security benefit against platform complexity and performance impact" and concluding that a change to the logout behavior is not planned because "for most sites it is not worth the trade-off."
by Ivano Binetti
CVE-2011-4189 EXPLOITDB text
Novell GroupWise <8.02HP3 - RCE
The client in Novell GroupWise 8.0x through 8.02HP3 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via a long e-mail address in an Address Book (aka .NAB) file.
by Francis Provencher
CVE-2012-4925 EXPLOITDB text
Img Pals Photo Host 1.0 - SQL Injection
Multiple SQL injection vulnerabilities in approve.php in Img Pals Photo Host 1.0 allow remote attackers to execute arbitrary SQL commands via the u parameter in a (1) app0 or (2) app1 action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by CorryL
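Several entries above (the Witze addon id parameter in a show action, the Timesheet Next Gen login.php username and password parameters, the phxEventManager search_terms parameter, the RivetTracker hash parameter and the Img Pals u parameter) are the same defect: request input spliced into an SQL string. The block below is an added example and not code from any of those products or their exploit authors; the users table, its rows and the function names are constructed for the illustration, and SQLite stands in for the MySQL backend those PHP applications use. It shows the two interpolation shapes seen in the entries, a quoted string in a login query and an unquoted numeric id, beside their parameterised forms.

```python
import re
import sqlite3

# Constructed stand-in for an application's user table; not data from any listed product.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT, is_admin INTEGER)"
    )
    conn.executemany(
        "INSERT INTO users (username, password, is_admin) VALUES (?, ?, ?)",
        [("admin", "s3cr3t", 1), ("alice", "hunter2", 0)],
    )
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Login built by string concatenation (the login.php pattern).
    A username of  admin' --  closes the string and comments out the password check."""
    sql = (
        "SELECT username, is_admin FROM users "
        "WHERE username = '%s' AND password = '%s'" % (username, password)
    )
    return conn.execute(sql).fetchone()


def login_safe(conn, username, password):
    """Same query with bound parameters: the input is data and can never become SQL."""
    sql = "SELECT username, is_admin FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()


def show_vulnerable(conn, id_value):
    """Numeric 'id' parameter interpolated unquoted (the show-action pattern).
    No quote character is needed to break out:  1 OR 1=1  or a UNION both work."""
    sql = "SELECT id, username FROM users WHERE id = %s" % id_value
    return conn.execute(sql).fetchall()


def show_safe(conn, id_value):
    """Reject anything that is not a plain decimal integer, then bind it.
    A strict regex is used rather than int(), which accepts whitespace and underscores."""
    if not re.fullmatch(r"\d+", str(id_value)):
        return []
    return conn.execute("SELECT id, username FROM users WHERE id = ?", (int(id_value),)).fetchall()


if __name__ == "__main__":
    conn = make_db()
    print("vulnerable login:", login_vulnerable(conn, "admin' --", "wrong"))
    print("safe login:     ", login_safe(conn, "admin' --", "wrong"))
    payload = "0 UNION SELECT id, password FROM users"
    print("vulnerable show:", show_vulnerable(conn, payload))
    print("safe show:      ", show_safe(conn, payload))
```

The UNION case is the one to remember when triaging a "SQL injection via the id parameter" entry: the vulnerable show query returns other columns of the same table in place of the expected row, which is how a single injectable integer turns into credential disclosure. The safe variants do not sanitise the input; they refuse to let it be parsed as SQL at all.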
CVE-2012-1466 EXPLOITDB text VERIFIED
Netmechanica Netdecision < 4.5.1 - Information Disclosure
The Traffic Grapher Server for NetMechanica NetDecision before 4.6.1 allows remote attackers to obtain the source code of NtDecision script files with a .nd extension via an invalid version number in an HTTP request, as demonstrated using default.nd. NOTE: some of these details are obtained from third party information.
by SecPod Research
EIP-2026-113452 EXPLOITDB text
Wolf CMS 0.7.5 - Multiple Vulnerabilities
by longrifle0x
CVE-2012-4926 EXPLOITDB text
Img Pals Photo Host 1.0 - Missing Authentication (Administrator Activation)
approve.php in Img Pals Photo Host 1.0 does not authenticate requests, which allows remote attackers to change the activation of administrators via the u parameter in an (1) app0 (disable) or (2) app1 (enable) action.
by CorryL
CVE-2012-1039 EXPLOITDB text VERIFIED
Dotclear <2.4.2 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Dotclear before 2.4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) login_data parameter to admin/auth.php; (2) nb parameter to admin/blogs.php; (3) type, (4) sortby, (5) order, or (6) status parameters to admin/comments.php; or (7) page parameter to admin/plugin.php.
by High-Tech Bridge SA
CVE-2012-1417 EXPLOITDB text
Yealink Gigabit Color IP Phone Sip-t32g - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Local Phone book and Blacklist form in Yealink VOIP Phones allow remote authenticated users to inject arbitrary web script or HTML via the user field to cgi-bin/ConfigManApp.com.
by Narendra Shinde
CVE-2012-1498 EXPLOITDB text
Nikola Posa Webfolio CMS 1.0.2 - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in Webfolio CMS 1.1.4 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add an administrator via an add action to admin/users/add or (2) modify a web page via a save action to admin/pages/edit/web_page_name.
by Ivano Binetti
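The Drupal user/logout entry and the Webfolio CMS admin/users/add entry above are both cross-site request forgery: the browser attaches the victim's session cookie to a request the attacker's page caused, and the server treats the cookie alone as proof of intent. The block below is an added example and not code from Drupal, Webfolio CMS or the exploit author; the Session class, the request dictionaries and the handler names are constructed for the illustration. It models both endpoints with a shared guard that requires POST plus a per-session token, which is the standard countermeasure, and shows that a forged GET (an img tag pointing at the logout URI) and a forged POST (an auto-submitted cross-origin form) are both refused while a legitimate form submission succeeds.

```python
import hmac
import secrets


class Session:
    """Minimal server-side session. The browser holds only the cookie naming it."""

    def __init__(self, user, is_admin=False):
        self.user = user
        self.is_admin = is_admin
        self.active = True
        # Per-session secret embedded in legitimate forms. A cross-origin page cannot
        # read it, so it cannot reproduce it in a forged request.
        self.csrf_token = secrets.token_hex(16)


def csrf_guard(session, request):
    """Return None if the request may perform a state change, otherwise an HTTP status.
    Requires POST and a form token equal to the session's token (constant-time compare)."""
    if request.get("method") != "POST":
        return 405
    token = request.get("form", {}).get("csrf_token", "")
    if not hmac.compare_digest(token, session.csrf_token):
        return 403
    return None


# --- /user/logout: any request carrying the cookie ends the session (the Drupal entry) ---
def logout_vulnerable(session, request):
    session.active = False
    return 302


def logout_safe(session, request):
    status = csrf_guard(session, request)
    if status is not None:
        return status
    session.active = False
    return 302


# --- admin/users/add: an administrator's session is used to create another one (the Webfolio entry) ---
def add_admin_vulnerable(session, request, users):
    """Checks the role but not the origin of the request, so a logged-in admin who
    visits the attacker's page creates whatever account the page submits."""
    if not session.is_admin:
        return 403
    users[request["form"]["name"]] = "admin"
    return 302


def add_admin_safe(session, request, users):
    if not session.is_admin:
        return 403
    status = csrf_guard(session, request)
    if status is not None:
        return status
    users[request["form"]["name"]] = "admin"
    return 302


if __name__ == "__main__":
    # Constructed requests: what the server sees after the browser added the victim's cookie.
    forged_get = {"method": "GET"}                       # <img src="https://victim/user/logout">
    forged_post = {"method": "POST", "form": {"name": "evil"}}  # auto-submitted cross-origin form
    s = Session("alice")
    print("vulnerable logout via GET:", logout_vulnerable(s, forged_get), "active:", s.active)
    s = Session("alice")
    print("safe logout via GET:", logout_safe(s, forged_get), "active:", s.active)
    a, users = Session("root", is_admin=True), {}
    print("safe add_admin via forged POST:", add_admin_safe(a, forged_post, users), users)
```

Two practical notes. The logout case is the lowest-impact form of CSRF, which is the basis of the vendor dispute recorded in the Drupal entry; the same missing check on an endpoint that creates an administrator, as in the Webfolio entry, is a full takeover, and the guard is identical. Modern browsers also limit forged POSTs through the SameSite cookie attribute, but a token check is still the control to verify in a review, since SameSite defaults vary by browser and do not cover top-level GET navigations.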
CVE-2012-1188 EXPLOITDB text VERIFIED
Fork-cms Fork Cms < 3.2.6 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Fork CMS before 3.2.7 allow remote attackers to inject arbitrary web script or HTML via the (1) type or (2) querystring parameters to private/en/error or (3) name parameter to private/en/locale/index.
by anonymous
EIP-2026-117918 EXPLOITDB text VERIFIED
Socusoft Photo 2 Video 8.05 - Local Buffer Overflow
by Vulnerability-Lab