Exploitdb Exploits

31,342 exploits tracked across all sources.

CVE-2012-5348 EXPLOITDB text VERIFIED
MangosWeb Enhanced 3.0.3 - SQL Injection
SQL injection vulnerability in MangosWeb Enhanced 3.0.3 allows remote attackers to execute arbitrary SQL commands via the login parameter in a login action to index.php.
by Hood3dRob1n
CVE-2012-5292 EXPLOITDB text VERIFIED
Atar2b CMS 4.0.1 - SQL Injection
Multiple SQL injection vulnerabilities in Atar2b CMS 4.0.1 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) gallery_e.php, (2) pageE.php, or (3) pageH.php.
by BHG Security Center
EIP-2026-100245 EXPLOITDB text VERIFIED
DIGIT CMS 1.0.7 - Cross-Site Scripting / SQL Injection
by BHG Security Center
CVE-2012-5349 EXPLOITDB text
Pay With Tweet <1.2 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in pay.php in the Pay With Tweet plugin before 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) link, (2) title, or (3) dl parameter.
by Gianluca Brindisi
CVE-2012-0393 EXPLOITDB text VERIFIED
Apache Struts <2.3.1.1 - Code Injection
The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object.
by SEC Consult
CVE-2012-0392 EXPLOITDB text VERIFIED
Apache Struts <2.3.1.1 - RCE
The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.
by SEC Consult
CVE-2012-0391 EXPLOITDB CRITICAL text VERIFIED
Apache Struts <2.2.3.1 - RCE
The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.
by SEC Consult
CVSS 9.8
CVE-2012-5344 EXPLOITDB text VERIFIED
IpTools 0.1.4 - Path Traversal
Directory traversal vulnerability in the WebServer (Thttpd.bat) in IpTools (aka Tiny TCP/IP server) 0.1.4 allows remote attackers to read arbitrary files via a .. (dot dot) in a HTTP request.
by demonalex
CVE-2012-5350 EXPLOITDB text
Pay With Tweet <1.2 - SQL Injection
SQL injection vulnerability in the Pay With Tweet plugin before 1.2 for WordPress allows remote authenticated users with certain permissions to execute arbitrary SQL commands via the id parameter in a paywithtweet shortcode.
by Gianluca Brindisi
CVE-2012-5347 EXPLOITDB text
TinyWebGallery 1.8.3 - RCE
TinyWebGallery 1.8.3 allows remote attackers to execute arbitrary code via shell metacharacters in the command parameter to (1) inc/filefunctions.inc or (2) info.php.
by Expl0!Ts
CVE-2012-5342 EXPLOITDB text VERIFIED
SenseSites CommonSense CMS - SQL Injection
Multiple SQL injection vulnerabilities in SenseSites CommonSense CMS allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) special.php, (2) article.php, or (3) cat2.php.
by H4ckCity Security Team
EIP-2026-106783 EXPLOITDB text VERIFIED
eFront 3.6.10 - 'download' Directory Traversal
by Chokri B.A
CVE-2011-4191 EXPLOITDB text VERIFIED
Novell NetWare 6.5 SP8 - Buffer Overflow
Stack-based buffer overflow in the xdrDecodeString function in XNFS.NLM in Novell NetWare 6.5 SP8 allows remote attackers to execute arbitrary code or cause a denial of service (abend or NFS outage) via long packets.
by Francis Provencher
CVE-2012-0394 EXPLOITDB text VERIFIED
Apache Struts <2.3.1.1 - RCE
The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself."
by SEC Consult
CVE-2012-5100 EXPLOITDB text VERIFIED
HServer 0.1.1 - Path Traversal
Directory traversal vulnerability in HServer 0.1.1 allows remote attackers to read arbitrary files via a (1) ..%5c (dot dot encoded backslash) or (2) %2e%2e%5c (encoded dot dot backslash) in the PATH_INFO.
by demonalex
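The IpTools and HServer entries above describe the same class of bug: a ".." sequence, plain or percent-encoded and with a backslash as the separator, that walks out of the document root. The following is an added example (not code from Exploit-DB, IpTools or HServer) of the check a server or a log reviewer needs for that class. It assumes a POSIX-style document root at DOCROOT and common-log-format lines; the root, the log lines and the secret-free logic are all constructed for this example.

```python
# Added example (not from Exploit-DB, IpTools or HServer): one check for the
# traversal class in the IpTools and HServer entries above. Assumptions: a
# POSIX-style document root at DOCROOT, and access-log lines in common log
# format; both the root and the log lines are constructed for this example.
import posixpath
from urllib.parse import unquote

DOCROOT = "/srv/www"  # assumed document root for the example


def decode_fully(path: str, max_rounds: int = 3) -> str:
    """Percent-decode until stable so that double-encoded forms such as
    %252e%252e%255c are seen as the '..\\' they become on the server."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def resolve_under_docroot(raw_path: str, docroot: str = DOCROOT) -> tuple[str, bool]:
    """Map a request path to the file it would reach and report whether that
    file is inside the document root. Backslashes are treated as separators,
    which is what the ..%5c and %2e%2e%5c vectors rely on."""
    path = decode_fully(raw_path.split("?", 1)[0]).replace("\\", "/")
    target = posixpath.normpath(posixpath.join(docroot, path.lstrip("/")))
    # The trailing slash matters: "/srv/www-other/x" must not pass for "/srv/www".
    inside = target == docroot or target.startswith(docroot + "/")
    return target, inside


# Constructed access-log lines (not real traffic) in common log format.
SAMPLE_LOG = [
    '10.0.0.5 - - [12/Nov/2012:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512',
    '10.0.0.5 - - [12/Nov/2012:10:01:03 +0000] "GET /..%5c..%5c..%5cboot.ini HTTP/1.1" 200 299',
    '10.0.0.5 - - [12/Nov/2012:10:01:04 +0000] "GET /%2e%2e%5c%2e%2e%5cwindows/win.ini HTTP/1.1" 200 92',
    '10.0.0.5 - - [12/Nov/2012:10:01:05 +0000] "GET /docs/../index.html HTTP/1.1" 200 512',
    '10.0.0.5 - - [12/Nov/2012:10:01:06 +0000] "GET /../../../../etc/passwd HTTP/1.0" 200 1809',
]


def request_path(log_line: str) -> str:
    """Pull the request target out of a common-log-format line."""
    request = log_line.split('"')[1]          # e.g. 'GET /index.html HTTP/1.1'
    return request.split()[1]


def flag_traversal(log_lines: list[str], docroot: str = DOCROOT) -> list[tuple[int, str]]:
    """Return (1-based line number, resolved target) for every request whose
    resolved target escapes the document root."""
    hits = []
    for n, line in enumerate(log_lines, start=1):
        target, inside = resolve_under_docroot(request_path(line), docroot)
        if not inside:
            hits.append((n, target))
    return hits


if __name__ == "__main__":
    for n, target in flag_traversal(SAMPLE_LOG):
        print(f"line {n}: escapes docroot -> {target}")
```

The check resolves the path first and compares the result against the root afterwards, rather than searching the raw string for "..": the encoded and backslash variants in the two entries exist precisely because string matching on the raw request is easy to bypass. Lines 2, 3 and 5 of the constructed log are flagged; the "/docs/../index.html" request on line 4 stays inside the root and is not.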
CVE-2011-5025 EXPLOITDB text VERIFIED
Yaws 1.88 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in the wiki application in Yaws 1.88 allow remote attackers to inject arbitrary web script or HTML via (1) the tag parameter to editTag.yaws, (2) the index parameter to showOldPage.yaws, (3) the node parameter to allRefsToMe.yaws, or (4) the text parameter to editPage.yaws.
by SiteWatch
CVE-2012-5102 EXPLOITDB text VERIFIED
VertrigoServ 2.25 - XSS
Cross-site scripting (XSS) vulnerability in inc/extensions.php in VertrigoServ 2.25 allows remote attackers to inject arbitrary web script or HTML via the ext parameter.
by Stefan Schurtz
CVE-2012-5105 EXPLOITDB text VERIFIED
SQLiteManager 1.2.4 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in SQLiteManager 1.2.4 allow remote attackers to inject arbitrary web script or HTML via the dbsel parameter to (1) main.php or (2) index.php, or (3) the nsextt parameter to index.php.
by Stefan Schurtz
CVE-2012-0840 EXPLOITDB text VERIFIED
Apache APR <=1.4.5 - DoS
tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
by Moritz Muehlenhoff
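The APR entry above names the mechanism (collisions that an attacker can predict) but not why that is enough for a denial of service. The following is an added example, not code from Exploit-DB or the APR project. It assumes that APR's default key hash (apr_hashfunc_default in tables/apr_hash.c) is the unseeded "times 33" function, h = h*33 + byte kept to 32 bits; the colliding keys, the simulated table and the keyed comparison hash with its secret are all constructed here for illustration.

```python
# Added example (not from Exploit-DB or the APR project) for the APR entry
# above. Assumption: APR's default key hash (apr_hashfunc_default in
# tables/apr_hash.c) is the unseeded "times 33" function, h = h*33 + byte,
# kept to 32 bits. Everything below, including the keyed comparison hash and
# its secret, is constructed for the example.
import hashlib
from itertools import product

MASK32 = 0xFFFFFFFF


def apr_hash_default(key: bytes) -> int:
    """Times-33 hash as assumed for APR <= 1.4.5: no seed, so every caller can
    predict which keys share a bucket."""
    h = 0
    for b in key:
        h = (h * 33 + b) & MASK32
    return h


def colliding_pair() -> tuple[bytes, bytes]:
    """Two-byte keys hash to 33*c0 + c1, so moving 1 off c0 and 33 onto c1
    keeps the value: "BA" = 33*66+65 and "Ab" = 33*65+98 are both 2243."""
    return b"BA", b"Ab"


def colliding_keys(n_blocks: int) -> list[bytes]:
    """2**n_blocks distinct keys of equal length that all hash identically.
    Each block contributes the same value and the hash is a polynomial in the
    input, so any concatenation of colliding same-length blocks collides too."""
    a, b = colliding_pair()
    return [b"".join(blocks) for blocks in product((a, b), repeat=n_blocks)]


def insertion_cost(keys: list[bytes], nbuckets: int, index_fn) -> tuple[int, int]:
    """Simulate a chained hash table: count the key comparisons spent while
    inserting `keys` (each insert scans its chain first) and the longest chain.
    Returns (comparisons, max_chain)."""
    buckets = [[] for _ in range(nbuckets)]
    comparisons = 0
    for k in keys:
        chain = buckets[index_fn(k) % nbuckets]
        comparisons += len(chain)
        chain.append(k)
    return comparisons, max(len(c) for c in buckets)


SECRET = b"constructed secret, per process in real code"  # constructed for the example


def keyed_index(key: bytes) -> int:
    """A keyed, non-linear hash: without SECRET an attacker cannot precompute
    which keys collide, which is the property the APR entry says was missing."""
    return int.from_bytes(hashlib.blake2b(key, key=SECRET, digest_size=4).digest(), "little")


if __name__ == "__main__":
    keys = colliding_keys(10)  # 1024 keys, 20 bytes each, one hash value
    print("distinct hashes under times-33:", len({apr_hash_default(k) for k in keys}))
    print("unseeded:", insertion_cost(keys, 1024, apr_hash_default))
    print("keyed:   ", insertion_cost(keys, 1024, keyed_index))
```

With 1024 colliding keys every insert scans the single chain that already holds all earlier keys, so the table does 0 + 1 + ... + 1023 = 523776 comparisons and lookups degrade to a linear scan; that quadratic cost, multiplied by however many keys a request is allowed to carry, is the CPU consumption the entry refers to. The keyed hash spreads the same keys over the buckets because the collision structure depends on a value the attacker does not hold.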