Exploitdb Exploits

31,342 exploits tracked across all sources.

CVE-2012-5104 EXPLOITDB text VERIFIED
UBB.threads <=7.5.6 - XSS
Cross-site scripting (XSS) vulnerability in forums/ubbthreads.php in UBB.threads 7.5.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the Loginname parameter.
by sonyy
CVE-2011-4614 EXPLOITDB text VERIFIED
Typo3 - Code Injection
PHP remote file inclusion vulnerability in Classes/Controller/AbstractController.php in the workspaces system extension in TYPO3 4.5.x before 4.5.9, 4.6.x before 4.6.2, and development versions of 4.7 allows remote attackers to execute arbitrary PHP code via a URL in the BACK_PATH parameter.
by MaXe
CVE-2011-5019 EXPLOITDB text VERIFIED
Textpattern - XSS
Cross-site scripting (XSS) vulnerability in setup/index.php in Textpattern CMS 4.4.1, when the product is incompletely installed, allows remote attackers to inject arbitrary web script or HTML via the ddb parameter.
by Jonathan Claudius
CVE-2012-5341 EXPLOITDB text VERIFIED
Otterware StatIt 4 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in statistik.php in Otterware StatIt 4 allow remote attackers to inject arbitrary web script or HTML via the (1) action parameter, (2) show parameter in a stat_tld action, or (3) order parameter in a stat_abfragen action.
by sonyy
EIP-2026-111421 EXPLOITDB text VERIFIED
Posse Softball Director CMS - SQL Injection
by H4ckCity Security Team
CVE-2012-5291 EXPLOITDB text VERIFIED
Posse Softball Director CMS - SQL Injection
SQL injection vulnerability in team.php in Posse Softball Director CMS allows remote attackers to execute arbitrary SQL commands via the idteam parameter.
by Easy Laster
CVE-2011-5252 EXPLOITDB text VERIFIED
Orchard - Improper Input Validation
Open redirect vulnerability in Users/Account/LogOff in Orchard 1.0.x before 1.0.21, 1.1.x before 1.1.31, 1.2.x before 1.2.42, and 1.3.x before 1.3.10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the ReturnUrl parameter.
by Mesut Timur
CVE-2012-5343 EXPLOITDB text VERIFIED
Limny 3.0.1 - XSS
Cross-site scripting (XSS) vulnerability in admin/login.php in Limny 3.0.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO, related to the "PHP_SELF" variable.
by Gjoko Krstic
CVE-2011-5209 EXPLOITDB text VERIFIED
Cloneforest Graphicsclone Script - XSS
Cross-site scripting (XSS) vulnerability in search/ in GraphicsClone Script, possibly 1.11, allows remote attackers to inject arbitrary web script or HTML via the term parameter.
by Mr.PaPaRoSSe
CVE-2011-5193 EXPLOITDB text VERIFIED
Phpace Samswhois 1.4.2.3 - XSS
Cross-site scripting (XSS) vulnerability in vendors/samswhois/samswhois.inc.php in the Whois Search plugin 1.4.2.3 for WordPress, when the WHOIS widget is enabled, allows remote attackers to inject arbitrary web script or HTML via the domain parameter to index.php, a different vulnerability than CVE-2011-5194.
by Atmon3r
EIP-2026-113637 EXPLOITDB text VERIFIED
WordPress Plugin Comment Rating 2.9.20 - 'path' Cross-Site Scripting
by The Evil Thinker
CVE-2012-5294 EXPLOITDB text VERIFIED
MyStore Xpress Tienda Virtual - SQL Injection
SQL injection vulnerability in art_detalle.php in MyStore Xpress Tienda Virtual allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Arturo Zamora
CVE-2012-2316 EXPLOITDB text VERIFIED
OpenKM <5.1.8-2 - CSRF
Cross-site request forgery (CSRF) vulnerability in servlet/admin/AuthServlet.java in OpenKM 5.1.7 and other versions before 5.1.8-2 allows remote attackers to hijack the authentication of administrators for requests that execute arbitrary code via the script parameter to admin/scripting.jsp.
by Cyrill Brunschwiler
EIP-2026-114392 EXPLOITDB text VERIFIED
WSN Links Script 2.3.4 - SQL Injection
by H4ckCity Security Team
CVE-2012-5098 EXPLOITDB text VERIFIED
Php-X-Links - SQL Injection
Multiple SQL injection vulnerabilities in Php-X-Links, possibly 1.0, allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to rate.php, (2) cid parameter to view.php, or (3) t parameter to pop.php.
by H4ckCity Security Team
CVE-2009-2436 EXPLOITDB text VERIFIED
MyPHPDating 1.0 - SQL Injection
SQL injection vulnerability in page.php in Online Dating Software MyPHPDating 1.0 allows remote attackers to execute arbitrary SQL commands via the page_id parameter.
by ITTIHACK
CVE-2012-5295 EXPLOITDB text VERIFIED
FuseTalk Forums <=3.2 - XSS
Cross-site scripting (XSS) vulnerability in login.cfm in FuseTalk Forums 3.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the windowed parameter.
by sonyy
CVE-2012-5346 EXPLOITDB text VERIFIED
WordPress WP Live.php 1.2.1 - XSS
Cross-site scripting (XSS) vulnerability in wp-live.php in the WP Live.php module 1.2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. NOTE: some of these details are obtained from third party information.
by H4ckCity Security Team
EIP-2026-112040 EXPLOITDB text VERIFIED
Siena CMS 1.242 - 'err' Cross-Site Scripting
by Net.Edit0r
CVE-2011-4885 EXPLOITDB text
Php < 5.3.9 - Improper Input Validation (Hash Collision DoS)
PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
by infodox
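The entry above states the mechanism without the numbers. PHP 5 hashes string keys with DJBX33A (h = h*33 + byte, seeded with 5381), and that function is linear in each input byte: once two two-byte blocks contribute the same value ('Ez' and 'FY' both give 2399), any concatenation of n such blocks collides with the other 2^n - 1, so a POST body whose parameter names are built this way puts every name into one bucket chain. The C below is an added example written for this listing, not PHP's zend_hash code: the collision generator, the toy 64-bucket chained table and the comparison counter (a stand-in for the CPU time the entry talks about) are this example's own constructions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* DJBX33A, the string hash PHP 5 uses for array keys: h = h*33 + byte,
 * seeded with 5381. Reimplemented here for illustration only. */
unsigned long djbx33a(const char *s)
{
    unsigned long h = 5381;
    for (; *s != '\0'; s++)
        h = h * 33 + (unsigned char)*s;
    return h;
}

/* Two-byte blocks with equal contribution: 'E'*33 + 'z' == 'F'*33 + 'Y' == 2399.
 * Each block enters the hash as h*33*33 + (b0*33 + b1), so swapping one block
 * for the other at any position never changes the final value. */
static const char *const BLOCKS[2] = { "Ez", "FY" };

/* Write the k-th (0 <= k < 2^n_blocks) of the 2^n_blocks colliding keys into
 * buf, which must hold 2*n_blocks + 1 bytes. Bit i of k picks block i. */
void colliding_key(unsigned k, int n_blocks, char *buf)
{
    for (int i = 0; i < n_blocks; i++)
        memcpy(buf + 2 * i, BLOCKS[(k >> i) & 1u], 2);
    buf[2 * n_blocks] = '\0';
}

/* Toy chained hash table (an example construct, not PHP's) with a fixed
 * bucket count. Insertion first scans the bucket chain for a duplicate key,
 * as any real table must; with N keys sharing one hash that scan costs
 * 0 + 1 + ... + (N-1) comparisons in total, i.e. quadratic work. */
#define NBUCKETS 64

struct node {
    char *key;
    struct node *next;
};

/* Insert 2^n_blocks keys and return the total number of key comparisons.
 * colliding != 0: keys from colliding_key(); otherwise ordinary distinct
 * names ("p0", "p1", ...) that spread across the buckets. */
unsigned long insert_count_compares(int n_blocks, int colliding)
{
    struct node *buckets[NBUCKETS] = { 0 };
    unsigned long compares = 0;
    char key[80];

    if (n_blocks < 1 || n_blocks > 16)
        return 0;
    unsigned total = 1u << n_blocks;

    for (unsigned k = 0; k < total; k++) {
        if (colliding)
            colliding_key(k, n_blocks, key);
        else
            snprintf(key, sizeof key, "p%u", k);

        struct node **slot = &buckets[djbx33a(key) % NBUCKETS];
        struct node *p;
        for (p = *slot; p != NULL; p = p->next) {
            compares++;
            if (strcmp(p->key, key) == 0)
                break;                  /* duplicate: a real table updates in place */
        }
        if (p != NULL)
            continue;

        struct node *n = malloc(sizeof *n);
        if (n == NULL) abort();
        n->key = malloc(strlen(key) + 1);
        if (n->key == NULL) abort();
        strcpy(n->key, key);
        n->next = *slot;
        *slot = n;
    }

    for (int b = 0; b < NBUCKETS; b++) {        /* release the table */
        struct node *p = buckets[b];
        while (p != NULL) {
            struct node *next = p->next;
            free(p->key);
            free(p);
            p = next;
        }
    }
    return compares;
}

int main(void)
{
    char a[40], b[40];
    colliding_key(0, 4, a);
    colliding_key(9, 4, b);
    printf("%s -> %lu\n%s -> %lu\n", a, djbx33a(a), b, djbx33a(b));
    printf("256 colliding keys: %lu comparisons\n", insert_count_compares(8, 1));
    printf("256 distinct keys:  %lu comparisons\n", insert_count_compares(8, 0));
    return 0;
}
```

Raising n_blocks by one doubles the key count and quadruples the comparisons, which is why a single request of a few hundred kilobytes was enough to pin a CPU; the fix in 5.3.9 (max_input_vars) limits how many such names one request may register rather than changing the hash.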
CVE-2011-5207 EXPLOITDB text VERIFIED
Thecartpress < 1.1.6 - XSS
Cross-site scripting (XSS) vulnerability in admin/OptionsPostsList.php in the TheCartPress plugin for WordPress before 1.1.6 before 2011-12-31 allows remote attackers to inject arbitrary web script or HTML via the tcp_name_post_XXXXX parameter.
by 6Scan
EIP-2026-114111 EXPLOITDB text VERIFIED
WordPress Plugin The Welcomizer 1.3.9.4 - 'twiz-index.php' Cross-Site Scripting
by Am!r
CVE-2011-4362 EXPLOITDB text VERIFIED
lighttpd <1.4.30, 1.5 <r2806 - DoS
Integer signedness error in the base64_decode function in the HTTP authentication functionality (http_auth.c) in lighttpd 1.4 before 1.4.30 and 1.5 before SVN revision 2806 allows remote attackers to cause a denial of service (segmentation fault) via crafted base64 input that triggers an out-of-bounds read with a negative index.
by pi3
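The integer signedness error described above comes down to using a plain `char` as a table subscript: on ABIs where `char` is signed, any input byte of 0x80 or above becomes a negative index, and the reverse-alphabet lookup reads memory before the table. The C below is an added illustration written for this listing, not lighttpd's http_auth.c; the decoder, its table and the helper names are this example's own, and signed_char_index() uses an explicit `signed char` cast so it shows what a signed-`char` platform computes whatever the host ABI is.

```c
#include <stdio.h>
#include <string.h>

/* Reverse lookup table for the base64 alphabet; -1 marks bytes that are not
 * in the alphabet. Built lazily. (Illustrative code, not lighttpd's.) */
static signed char reverse_table[256];
static int table_ready = 0;

static void build_table(void)
{
    const char *alphabet =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    memset(reverse_table, -1, sizeof reverse_table);
    for (int i = 0; alphabet[i] != '\0'; i++)
        reverse_table[(unsigned char)alphabet[i]] = (signed char)i;
    table_ready = 1;
}

/* The subscript a decoder computes when it indexes the table with the raw
 * `char` value of an input byte on a platform where char is signed (x86).
 * Bytes 0x80..0xFF map to -128..-1: reverse_table[-61] reads 61 bytes before
 * the table, which is the out-of-bounds read the CVE describes. */
int signed_char_index(unsigned char byte)
{
    return (int)(signed char)byte;   /* explicit cast, so the host ABI is irrelevant */
}

/* Hardened decoder: the subscript always goes through unsigned char, so it
 * lies in 0..255, and non-alphabet bytes (including 0x80..0xFF) are rejected
 * instead of looked up. Returns the number of decoded bytes, or -1 if the
 * input is not well-formed base64. */
int base64_decode_safe(const char *in, size_t in_len,
                       unsigned char *out, size_t out_cap)
{
    if (!table_ready)
        build_table();
    if (in_len == 0 || in_len % 4 != 0)
        return -1;

    size_t out_len = 0;
    for (size_t i = 0; i < in_len; i += 4) {
        int v[4];
        int pad = 0;
        for (int j = 0; j < 4; j++) {
            unsigned char c = (unsigned char)in[i + j];   /* 0..255, never negative */
            if (c == '=' && i + 4 == in_len && j >= 2) {  /* padding, final group only */
                v[j] = 0;
                pad++;
                continue;
            }
            if (pad)                 /* data after padding */
                return -1;
            v[j] = reverse_table[c];
            if (v[j] < 0)            /* not in the alphabet */
                return -1;
        }
        unsigned long triple = ((unsigned long)v[0] << 18) |
                               ((unsigned long)v[1] << 12) |
                               ((unsigned long)v[2] << 6)  |
                                (unsigned long)v[3];
        int nbytes = 3 - pad;
        if (out_len + (size_t)nbytes > out_cap)
            return -1;
        out[out_len++] = (unsigned char)(triple >> 16);
        if (nbytes > 1)
            out[out_len++] = (unsigned char)(triple >> 8);
        if (nbytes > 2)
            out[out_len++] = (unsigned char)triple;
    }
    return (int)out_len;
}

/* Check helper: 1 if `in` decodes exactly to `expected`, 0 if it decodes to
 * something else, -1 if the decoder rejects it. */
int decodes_to(const char *in, size_t in_len, const char *expected)
{
    unsigned char out[256];
    int n = base64_decode_safe(in, in_len, out, sizeof out);
    if (n < 0)
        return -1;
    return ((size_t)n == strlen(expected) &&
            memcmp(out, expected, (size_t)n) == 0) ? 1 : 0;
}

int main(void)
{
    /* Constructed input: one high byte, like the "crafted base64" in the CVE. */
    const char crafted[4] = { (char)0xC3, 'A', 'B', 'C' };
    unsigned char buf[8];
    printf("0xC3 as a signed-char subscript: %d\n", signed_char_index(0xC3));
    printf("hardened decoder on crafted input: %d (rejected)\n",
           base64_decode_safe(crafted, 4, buf, sizeof buf));
    printf("hardened decoder on \"YWJj\": decodes_to(\"abc\") = %d\n",
           decodes_to("YWJj", 4, "abc"));
    return 0;
}
```

The one-character difference that matters is the `(unsigned char)` cast on the subscript; a quick audit check for this bug class is to grep a code base for table lookups of the form `table[*p]` or `table[s[i]]` where `p` or `s` is `char *`, since `-Wchar-subscripts` in GCC and Clang flags exactly that pattern.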
CVE-2011-5203 EXPLOITDB text VERIFIED
Akiva Webboard < 8 SR 1 - SQL Injection
SQL injection vulnerability in WB/Default.asp in Akiva WebBoard before 8 SR 1 allows remote attackers to execute arbitrary SQL commands via the name parameter. NOTE: some of these details are obtained from third party information.
by Alexander Fuchs
EIP-2026-109893 EXPLOITDB text VERIFIED
Neturf eCommerce Shopping Cart - 'searchFor' Cross-Site Scripting
by farbodmahini