Exploitdb Exploits

31,342 exploits tracked across all sources.

Sort: Activity Stars

EIP-2026-108284 EXPLOITDB text VERIFIED

Joomla! Component com_bnf - 'seccion_id' SQL Injection

by Daniel Godoy

View

CVE-2012-1069 EXPLOITDB text VERIFIED

lknSupport - XSS

Cross-site scripting (XSS) vulnerability in module/kb/search_word in the search module in lknSupport allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.

by Red Security TEAM

View

EIP-2026-107406 EXPLOITDB text VERIFIED

GForge 5.7.1 - Multiple Cross-Site Scripting Vulnerabilities

by sonyy

View

EIP-2026-104913 EXPLOITDB text

Achievo 1.4.3 - Multiple Web Vulnerabilities

by Vulnerability-Lab

View

CVE-2012-1007 EXPLOITDB text

Apache Struts 1.3.10 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do.

by SecPod Research

View

EIP-2026-112503 EXPLOITDB text

swDesk - Multiple Vulnerabilities

by Red Security TEAM

View

CVE-2011-5074 EXPLOITDB text VERIFIED

Sitracker Support Incident Tracker < 3.64 - CSRF

Multiple cross-site request forgery (CSRF) vulnerabilities in Support Incident Tracker (aka SiT!) before 3.65 allow remote attackers to hijack the authentication of administrators for requests that change administrator email, add a new administrator, or insert arbitrary script via (1) user_profile_edit.php or (2) user_add.php.

by High-Tech Bridge SA

View

CVE-2012-0834 EXPLOITDB text VERIFIED

phpLDAPadmin <1.2.2 - XSS

Cross-site scripting (XSS) vulnerability in lib/QueryRender.php in phpLDAPadmin 1.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the base parameter in a query_engine action to cmd.php.

by andsarmiento

View

EIP-2026-111108 EXPLOITDB text VERIFIED

phpLDAPadmin 1.2.0.5-2 - 'server_id' Cross-Site Scripting

by andsarmiento

View

CVE-2012-0991 EXPLOITDB text VERIFIED

OpenEMR 4.1.0 - Path Traversal

Multiple directory traversal vulnerabilities in OpenEMR 4.1.0 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the formname parameter to (1) contrib/acog/print_form.php; or (2) load_form.php, (3) view_form.php, or (4) trend_form.php in interface/patient_file/encounter.

by High-Tech Bridge SA

View

CVE-2012-0991 EXPLOITDB text VERIFIED

OpenEMR 4.1.0 - Path Traversal

by High-Tech Bridge SA

View

CVE-2012-0992 EXPLOITDB text VERIFIED

OpenEMR 4.1.0 - Command Injection

interface/fax/fax_dispatch.php in OpenEMR 4.1.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the file parameter.

by High-Tech Bridge SA

View

CVE-2012-0991 EXPLOITDB text VERIFIED

OpenEMR 4.1.0 - Path Traversal

by High-Tech Bridge SA

View

CVE-2011-2140 EXPLOITDB text VERIFIED

Adobe Flash Player <10.3.183.5 - Memory Corruption

Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2135, CVE-2011-2417, and CVE-2011-2425.

by Abysssec

View

EIP-2026-115211 EXPLOITDB text

EdrawSoft Office Viewer Component ActiveX 5.6 - 'officeviewermme.ocx' Buffer Overflow (PoC)

by LiquidWorm

View

CVE-2012-0982 EXPLOITDB text VERIFIED

Vastal I-Tech Agent Zone - SQL Injection

SQL injection vulnerability in search.php in Vastal I-Tech Agent Zone (aka The Real Estate Script) allows remote attackers to execute arbitrary SQL commands via the price_from parameter.

by Cagri Tepebasili

View

EIP-2026-112276 EXPLOITDB text

Snort Report 1.3.2 - SQL Injection

by a.kadir altan

View

EIP-2026-111463 EXPLOITDB text

PragmaMX 1.2.10 - Persistent Cross-Site Scripting

by HauntIT

View

CVE-2012-0981 EXPLOITDB text VERIFIED

phpShowtime 2.0 - Path Traversal

Directory traversal vulnerability in phpShowtime 2.0 allows remote attackers to list arbitrary directories and image files via a .. (dot dot) in the r parameter to index.php. NOTE: Some of these details are obtained from third party information.

by Red Security TEAM

View

EIP-2026-108320 EXPLOITDB text VERIFIED

Joomla! Component com_crhotels - 'catid' SQL Injection

by the_cyber_nuxbie

View

CVE-2012-0983 EXPLOITDB text VERIFIED

Scriptsez.net Ez Album - SQL Injection

SQL injection vulnerability in Scriptsez.net Ez Album allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php.

by Red Security TEAM

View

CVE-2012-1023 EXPLOITDB text VERIFIED

4images 1.7.10 - Open Redirect

Open redirect vulnerability in admin/index.php in 4images 1.7.10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect parameter.

by RandomStorm

View

CVE-2012-1022 EXPLOITDB text VERIFIED

4images 1.7.10 - SQL Injection

SQL injection vulnerability in admin/categories.php in 4images 1.7.10 remote attackers to execute arbitrary SQL commands via the cat_parent_id parameter in an addcat action.

by RandomStorm

View

CVE-2012-1021 EXPLOITDB text VERIFIED

4images 1.7.10 - XSS

Cross-site scripting (XSS) vulnerability in admin/categories.php in 4images 1.7.10 allows remote attackers to inject arbitrary web script or HTML via the cat_parent_id parameter in an addcat action.

by RandomStorm

View

CVE-2012-0809 EXPLOITDB text VERIFIED

Sudo <1.8.4 - RCE

Format string vulnerability in the sudo_debug function in Sudo 1.8.0 through 1.8.3p1 allows local users to execute arbitrary code via format string sequences in the program name for sudo.

by joernchen

View

By Source

Exploitdb 50,007

By Language

text 31,342