Exploitdb Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2012-0933 EXPLOITDB text VERIFIED
acidcat_cms 3.5.1, 3.5.2, 3.5.6 - Cross-Site Scripting via PATH_INFO
Multiple cross-site scripting (XSS) vulnerabilities in Acidcat CMS 3.5.1, 3.5.2, 3.5.6, and possibly earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) admin_colors.asp, (2) admin_config.asp, and (3) admin_cat_add.asp in admin/.
by Avram Marius
EIP-2026-112530 EXPLOITDB text VERIFIED
Syneto Unified Threat Management 1.3.3/1.4.2 - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities
by Alexander Fuchs
CVE-2012-5313 EXPLOITDB text VERIFIED
Snitz Forums 2000 - SQL Injection via TOPIC_ID Parameter
SQL injection vulnerability in forum.asp in Snitz Forums 2000 allows remote attackers to execute arbitrary SQL commands via the TOPIC_ID parameter.
by snup
CVE-2012-0913 EXPLOITDB text VERIFIED
ICloudCenter ICTimeAttendance 1.0 - SQL Injection
SQL injection vulnerability in checklogin.aspx in ICloudCenter ICTimeAttendance 1.0 allows remote attackers to execute arbitrary SQL commands via the passw parameter. NOTE: Some of these details are obtained from third party information.
by v3n0m
EIP-2026-100297 EXPLOITDB text VERIFIED
EasyPage - SQL Injection
by Red Security TEAM
EIP-2026-114132 EXPLOITDB text VERIFIED
WordPress Plugin ucan post 1.0.09 - Persistent Cross-Site Scripting
by Gianluca Brindisi
EIP-2026-112967 EXPLOITDB text VERIFIED
Vastal EzineShop - 'view_mags.php' SQL Injection
by Lazmania61
EIP-2026-111442 EXPLOITDB text VERIFIED
PostNuke pnAddressbook Module - 'id' SQL Injection
by Robert Cooper
EIP-2026-106590 EXPLOITDB text VERIFIED
Drupal Module CKEditor 3.0 < 3.6.2 - Persistent EventHandler Cross-Site Scripting
by MaXe
EIP-2026-112744 EXPLOITDB text VERIFIED
Toner Cart - 'show_series_ink.php' SQL Injection
by Lazmania61
CVE-2012-6525 EXPLOITDB text VERIFIED
phpbridges - SQL Injection via id Parameter
SQL injection vulnerability in members.php in PHPBridges allows remote attackers to execute arbitrary SQL commands via the id parameter.
by 3spi0n
CVE-2012-6524 EXPLOITDB text VERIFIED
powie pGB 2.12 - SQL Injection via kommentar.php id Parameter
SQL injection vulnerability in kommentar.php in pGB 2.12 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by 3spi0n
CVE-2012-0989 EXPLOITDB text VERIFIED
OneOrZero AIMS 2.8.0 Trial Edition build231211 - Cross-Site Scripting via PATH_INFO to index.php
Cross-site scripting (XSS) vulnerability in OneOrZero AIMS 2.8.0 Trial Edition build231211 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php.
by High-Tech Bridge SA
EIP-2026-109519 EXPLOITDB text VERIFIED
MMORPG Zone - 'view_news.php' SQL Injection
by Lazmania61
CVE-2012-6526 EXPLOITDB text VERIFIED
Vastal I-Tech Freelance Zone - SQL Injection via show_code.php code_id Parameter
SQL injection vulnerability in show_code.php in Vastal I-Tech Freelance Zone allows remote attackers to execute arbitrary SQL commands via the code_id parameter.
by Lazmania61
CVE-2012-0905 EXPLOITDB text VERIFIED
deV!L'z Clanportal Gamebase Addon - SQL Injection via gameid Parameter
SQL injection vulnerability in deV!L'z Clanportal (DZCP) Gamebase addon allows remote attackers to execute arbitrary SQL commands via the gameid parameter in a detail action to index.php.
by Easy Laster
CVE-2012-0906 EXPLOITDB text VERIFIED
Moviebase addon <1.5.5 - SQL Injection
SQL injection vulnerability in the Moviebase addon for deV!L'z Clanportal (DZCP) 1.5.5 allows remote attackers to execute arbitrary SQL commands via the id parameter in a showkat action to index.php.
by Easy Laster
EIP-2026-108331 EXPLOITDB text VERIFIED
Joomla! Component com_discussions - SQL Injection
by Red Security TEAM
CVE-2012-0221 EXPLOITDB text VERIFIED
Rockwell Automation FactoryTalk CPR9-SR5 and RSLogix 5000 17-20 - Denial of Service via RNADiagReceiver Service
The FactoryTalk (FT) RNADiagReceiver service in Rockwell Automation Allen-Bradley FactoryTalk CPR9 through SR5 and RSLogix 5000 17 through 20 does not properly handle the return value from an unspecified function, which allows remote attackers to cause a denial of service (service outage) via a crafted packet.
by Luigi Auriemma
EIP-2026-111232 EXPLOITDB text VERIFIED
phpVideoPro 0.8.x/0.9.7 - Multiple Cross-Site Scripting Vulnerabilities
by Stefan Schurtz
EIP-2026-111036 EXPLOITDB text
PHPDomainRegister 0.4a-RC2-dev - Multiple Vulnerabilities
by Or4nG.M4N
EIP-2026-110730 EXPLOITDB text VERIFIED
PHP Membership Site Manager Script 2.1 - 'index.php' Cross-Site Scripting
by Atmon3r
EIP-2026-107417 EXPLOITDB text VERIFIED
Giveaway Manager - 'members.php' Cross-Site Scripting
by Am!r
EIP-2026-105580 EXPLOITDB text VERIFIED
BoltWire 3.4.16 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities
by Stefan Schurtz
CVE-2012-0900 EXPLOITDB text VERIFIED
Beehive Forum 1.0.1 - Cross-Site Scripting via PATH_INFO to forum/register.php or forum/logon.php
Multiple cross-site scripting (XSS) vulnerabilities in Beehive Forum 1.0.1 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) forum/register.php or (2) forum/logon.php.
by Stefan Schurtz