Exploitdb Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2012-1912 EXPLOITDB text
PHP Address Book < 7.0 - Cross-Site Scripting via Preferences from Parameter
Cross-site scripting (XSS) vulnerability in preferences.php in PHP Address Book 7.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the from parameter. NOTE: the index.php vector is already covered by CVE-2008-2566.
by Stefan Schurtz
CVE-2012-1911 EXPLOITDB text
PHP Address Book < 6.2.11 - SQL Injection via to_group or id Parameter
Multiple SQL injection vulnerabilities in PHP Address Book 6.2.12 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) to_group parameter to group.php or (2) id parameter to vcard.php. NOTE: the edit.php vector is already covered by CVE-2008-2565.
by Stefan Schurtz
CVE-2012-2903 EXPLOITDB text
PHP Address Book < 6.1.1 - Cross-Site Scripting via PATH_INFO or Language Parameter
Multiple cross-site scripting (XSS) vulnerabilities in PHP Address Book 7.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to group.php, or the (2) target_language or (3) target_flag parameter to translate.php.
by Stefan Schurtz
CVE-2012-1502 EXPLOITDB text
PyPam < 0.5.0 - Double Free in PyPAM_conv
Double free vulnerability in the PyPAM_conv in PAMmodule.c in PyPam 0.5.0 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a NULL byte in a password string.
by Markus Vervier
EIP-2026-112733 EXPLOITDB text VERIFIED
ToendaCMS 1.6.2 - '/setup/index.php?site' Traversal Local File Inclusion
by AkaStep
CVE-2012-1900 EXPLOITDB text
RazorCMS < 1.2.1 - Cross-Site Request Forgery via showcats Action
Cross-site request forgery (CSRF) vulnerability in admin/index.php in RazorCMS 1.2.1 and earlier allows remote attackers to hijack the authentication of administrators for requests that delete arbitrary web pages via a showcats action.
by Ivano Binetti
EIP-2026-111684 EXPLOITDB text
RazorCMS 1.2.1 STABLE - Arbitrary File Upload
by i2sec_Hyo jun Oh
EIP-2026-109093 EXPLOITDB text VERIFIED
LeKommerce - 'id' SQL Injection
by Mazt0r
EIP-2026-102485 EXPLOITDB text VERIFIED
Ilient SysAid 8.5.5 - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities
by Julien Ahrens
EIP-2026-101173 EXPLOITDB text VERIFIED
Barracuda CudaTel Communication Server 2.0.029.1 - Multiple HTML Injection Vulnerabilities
by Benjamin Kunz Mejri
EIP-2026-100536 EXPLOITDB text VERIFIED
SAP Business Objects InfoView System - '/webi/webi_modify.aspx?id' Cross-Site Scripting
EIP-2026-100535 EXPLOITDB text VERIFIED
SAP Business Objects InfoView System - '/help/helpredir.aspx?guide' Cross-Site Scripting
EIP-2026-100534 EXPLOITDB text VERIFIED
SAP Business Objects InfoVew System - 'listing.aspx?searchText' Cross-Site Scripting
CVE-2011-4837 EXPLOITDB text VERIFIED
HomeSeer HS2 2.5.0.20 - Cross-Site Request Forgery in Web Interface
Cross-site request forgery (CSRF) vulnerability in /ctrl in the web interface in HomeSeer HS2 2.5.0.20 allows remote attackers to hijack the authentication of admins for requests that execute arbitrary programs.
by Silent_Dream
EIP-2026-118952 EXPLOITDB text VERIFIED
NetDecision 4.6.1 - Multiple Directory Traversal Vulnerabilities
by Luigi Auriemma
CVE-2006-2758 EXPLOITDB text
jetty 6.0.x beta16 - Path Traversal via Encoded URL
Directory traversal vulnerability in jetty 6.0.x (jetty6) beta16 allows remote attackers to read arbitrary files via a %2e%2e%5c (encoded ../) in the URL. NOTE: this might be the same issue as CVE-2005-3747.
by LiquidWorm
CVE-2012-1617 EXPLOITDB text VERIFIED
OSClass < 2.3.6 - Path Traversal and Arbitrary File Write via Combine.php Type Parameter
Directory traversal vulnerability in combine.php in OSClass before 2.3.6 allows remote attackers to read and write arbitrary files via a .. (dot dot) in the type parameter. NOTE: this vulnerability can be leveraged to upload arbitrary files.
by Filippo Cavallarin
EIP-2026-106966 EXPLOITDB text VERIFIED
Exponent CMS 2.0 - 'src' SQL Injection
by Rob Miller
EIP-2026-100366 EXPLOITDB text
Iciniti Store - SQL Injection
by Sense of Security
EIP-2026-107186 EXPLOITDB text VERIFIED
Fork CMS 3.2.x - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities
by Gjoko Krstic
EIP-2026-112521 EXPLOITDB text
Symfony2 - Local File Disclosure
by Sense of Security
CVE-2012-1112 EXPLOITDB text VERIFIED
Open-Realty CMS <2.5.8 - Path Traversal
Directory traversal vulnerability in Open-Realty CMS 2.5.8 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the select_users_template parameter to index.php.
by Aung Khant
EIP-2026-109190 EXPLOITDB text
lizard cart - 'search.php' SQL Injection
by Number 7
CVE-2012-1110 EXPLOITDB text VERIFIED
Etano < 1.22 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Etano 1.22 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) user, (2) email, (3) email2, (4) f17_zip, or (5) agree parameter to join.php; (6) PATH_INFO, (7) st, (8) f17_city, (9) f17_country, (10) f17_state, (11) f17_zip, (12) f19, (13) wphoto, (14) search, or (15) v parameter to search.php; (16) PATH_INFO or (17) st parameter to photo_search.php; or (18) return parameter to photo_view.php.
by Aung Khant
CVE-2012-1110 EXPLOITDB text VERIFIED
Etano < 1.22 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Etano 1.22 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) user, (2) email, (3) email2, (4) f17_zip, or (5) agree parameter to join.php; (6) PATH_INFO, (7) st, (8) f17_city, (9) f17_country, (10) f17_state, (11) f17_zip, (12) f19, (13) wphoto, (14) search, or (15) v parameter to search.php; (16) PATH_INFO or (17) st parameter to photo_search.php; or (18) return parameter to photo_view.php.
by Aung Khant