Exploitdb Exploits

31,342 exploits tracked across all sources.

CVE-2012-1782 EXPLOITDB text VERIFIED
Osqa - XSS
Multiple cross-site scripting (XSS) vulnerabilities in questions/ask in OSQA 3b allow remote attackers to inject arbitrary web script or HTML via the (1) url bar or (2) picture bar.
by Ucha Gobejishvili
EIP-2026-105583 EXPLOITDB text VERIFIED
Bontq - 'user/' URI Cross-Site Scripting
by sonyy
CVE-2012-4923 EXPLOITDB text VERIFIED
Endian Firewall 2.4 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Endian Firewall 2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) createrule parameter to dnat.cgi, (2) addrule parameter to dansguardian.cgi, or (3) PATH_INFO to openvpn_users.cgi.
by Vulnerability Research Laboratory
CVE-2012-4923 EXPLOITDB text VERIFIED
Endian Firewall 2.4 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Endian Firewall 2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) createrule parameter to dnat.cgi, (2) addrule parameter to dansguardian.cgi, or (3) PATH_INFO to openvpn_users.cgi.
by Vulnerability Research Laboratory
CVE-2012-4923 EXPLOITDB text VERIFIED
Endian Firewall 2.4 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Endian Firewall 2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) createrule parameter to dnat.cgi, (2) addrule parameter to dansguardian.cgi, or (3) PATH_INFO to openvpn_users.cgi.
by Vulnerability Research Laboratory
CVE-2012-1787 EXPLOITDB text VERIFIED
Webglimpse < 2.20.0 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in wgarcmin.cgi in Webglimpse 2.20.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) URL, (2) FILE, or (3) DOMAIN parameters.
by MustLive
CVE-2012-1784 EXPLOITDB text VERIFIED
Myjoblist - SQL Injection
SQL injection vulnerability in MyJobList 0.1.3 allows remote attackers to execute arbitrary SQL commands via the eid parameter in a profile action to index.php.
by Red Security TEAM
CVE-2012-1297 EXPLOITDB text
Contao Cms < 2.11.0 - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in main.php in Contao (formerly TYPOlight) 2.11.0 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) delete users via a delete action in the user module, (2) delete news via a delete action in the news module, or (3) delete newsletters via a delete action in the newsletters module.
by Ivano Binetti
CVE-2012-6533 EXPLOITDB text VERIFIED
Symantec Pgp Desktop - Memory Corruption
Buffer overflow in pgpwded.sys in Symantec PGP Desktop 10.x and Encryption Desktop 10.3.0 before MP1 on Windows XP and Server 2003 allows local users to gain privileges via a crafted application.
by Nikita Tarakanov
CVE-2012-1790 EXPLOITDB text VERIFIED
Webgrind - Path Traversal
Absolute path traversal vulnerability in Webgrind 1.0 and 1.0.2 allows remote attackers to read arbitrary files via a full pathname in the file parameter to index.php.
by LiquidWorm
CVE-2012-2236 EXPLOITDB text
Ryan Walberg Php Gift Registry - SQL Injection
SQL injection vulnerability in users.php in PHP Gift Registry 1.5.5 allows remote authenticated users to execute arbitrary SQL commands via the userid parameter in an edit action.
by G13
EIP-2026-111029 EXPLOITDB text
phpDenora 1.4.6 - Multiple SQL Injections
by Patrick de Brouwer
EIP-2026-109526 EXPLOITDB text VERIFIED
Mobile Mp3 Search Script 2.0 - 'dl.php' HTTP Response Splitting
by Corrado Liotta
EIP-2026-102012 EXPLOITDB text
Snom IP Phone - Privilege Escalation
by Sense of Security
EIP-2026-119451 EXPLOITDB text VERIFIED
WebcamXP and webcam 7 - Directory Traversal
by Silent_Dream
EIP-2026-116460 EXPLOITDB text VERIFIED
Unity 3D Web Player 3.2.0.61061 - Denial of Service
by Luigi Auriemma
CVE-2012-4928 EXPLOITDB text VERIFIED
Oxwall 1.1.1 - XSS
Cross-site scripting (XSS) vulnerability in ow_updates/index.php in Oxwall 1.1.1 allows remote attackers to inject arbitrary web script or HTML via the plugin parameter.
by Ariko-Security
CVE-2012-4927 EXPLOITDB text
Limesurvey <1.91+ Build 120224 - SQL Injection
SQL injection vulnerability in Limesurvey (a.k.a PHPSurveyor) before 1.91+ Build 120224 and earlier allows remote attackers to execute arbitrary SQL commands via the fieldnames parameter to index.php.
by TorTukiTu
CVE-2012-1226 EXPLOITDB text VERIFIED
Dolibarr Erp/crm - Path Traversal
Multiple directory traversal vulnerabilities in Dolibarr CMS 3.2.0 Alpha allow remote attackers to read arbitrary files and possibly execute arbitrary code via a .. (dot dot) in the (1) file parameter to document.php or (2) backtopage parameter in a create action to comm/action/fiche.php.
by Benjamin Kunz Mejri
CVE-2012-1415 EXPLOITDB text
Dflabs Ptk < 1.0.5 - CSRF
Cross-site request forgery (CSRF) vulnerability in lib/logout.php in DFLabs PTK 1.0.5 and earlier allows remote attackers to hijack the authentication of administrators or investigators for requests that trigger a logout.
by Ivano Binetti
CVE-2012-1224 EXPLOITDB text VERIFIED
Contentlion Alpha - XSS
Cross-site scripting (XSS) vulnerability in system/classes/login.php in ContentLion Alpha 1.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
by Stefan Schurtz
CVE-2012-1001 EXPLOITDB MEDIUM text VERIFIED
Chyrp <2.1.2, <2.5 Beta 2 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Chyrp before 2.1.2 and before 2.5 Beta 2 allow remote attackers to inject arbitrary web script or HTML via the (1) content parameter to includes/ajax.php or (2) body parameter to includes/error.php.
by High-Tech Bridge SA
CVSS 6.1
CVE-2012-1001 EXPLOITDB MEDIUM text VERIFIED
Chyrp <2.1.2, <2.5 Beta 2 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Chyrp before 2.1.2 and before 2.5 Beta 2 allow remote attackers to inject arbitrary web script or HTML via the (1) content parameter to includes/ajax.php or (2) body parameter to includes/error.php.
by High-Tech Bridge SA
CVSS 6.1
EIP-2026-105620 EXPLOITDB text
Brim < 2.0.0 - SQL Injection
by ifnull
CVE-2012-5320 EXPLOITDB text
Sagem F@ST 2604 - CSRF
Cross-site request forgery (CSRF) vulnerability in password.cgi in Sagem F@ST 2604 253180972B allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via the sysPassword parameter.
by KinG Of PiraTeS