Exploitdb Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2012-6499 EXPLOITDB text VERIFIED
Age Verification < 0.4 - Open Redirect via redirect_to Parameter
Open redirect vulnerability in age-verification.php in the Age Verification plugin 0.4 and earlier for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect_to parameter.
by Gianluca Brindisi
CVE-2012-6499 EXPLOITDB text VERIFIED
Age Verification < 0.4 - Open Redirect via redirect_to Parameter
Open redirect vulnerability in age-verification.php in the Age Verification plugin 0.4 and earlier for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect_to parameter.
by Gianluca Brindisi
CVE-2012-6523 EXPLOITDB text
w-cms 2.01 - Cross-Site Scripting via p Parameter or COMMENT Parameter
Multiple cross-site scripting (XSS) vulnerabilities in w-CMS 2.01 allow remote attackers to inject arbitrary web script or HTML via (1) the p parameter in the getMenus function in codes/wcms.php; or the COMMENT parameter in (2) blog.php, (3) guestbook.php, or (4) forum.php in codes/. NOTE: some of these details are obtained from third party information.
by th3.g4m3_0v3r
CVE-2012-6038 EXPLOITDB text VERIFIED
razorCMS < 1.2.1 - Authenticated Path Traversal via dir Parameter
admin/core/admin_func.php in razorCMS before 1.2.1 does not properly restrict access to certain administrator directories and files, which allows remote authenticated users to read, edit, rename, move, copy and delete files via the (1) dir parameter in a fileman or (2) filemanview action. NOTE: this issue has been referred to as a "path traversal."
by chap0
CVE-2012-6500 EXPLOITDB text
Pragyan CMS < 3.0 - Path Traversal via Fileget Parameter
Directory traversal vulnerability in download.lib.php in Pragyan CMS 3.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the fileget parameter in a profile action to index.php.
by Or4nG.M4N
CVE-2012-6043 EXPLOITDB text VERIFIED
php-fusion 7.02.04 - Cross-Site Scripting via downloads.php cat_id Parameter
Cross-site scripting (XSS) vulnerability in downloads.php in PHP-Fusion 7.02.04 allows remote attackers to inject arbitrary web script or HTML via the cat_id parameter.
by Am!r
CVE-2011-4191 EXPLOITDB text VERIFIED
Novell NetWare 6.5 SP8 - Buffer Overflow
Stack-based buffer overflow in the xdrDecodeString function in XNFS.NLM in Novell NetWare 6.5 SP8 allows remote attackers to execute arbitrary code or cause a denial of service (abend or NFS outage) via long packets.
by Francis Provencher
EIP-2026-104083 EXPLOITDB text VERIFIED
SonicWALL AntiSpam & EMail 7.3.1 - Multiple Vulnerabilities
by Benjamin Kunz Mejri
CVE-2012-0067 EXPLOITDB text VERIFIED
Wireshark 1.4.x-1.4.10 and 1.6.x-1.6.4 - Denial of Service via Long Packet in AIX iptrace File
wiretap/iptrace.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a long packet in an AIX iptrace file.
by Laurent Butti
CVE-2012-5293 EXPLOITDB text VERIFIED
SAPID CMS 1.2.3 - Remote Code Execution via GLOBALS[root_path] or root_path Parameter
Multiple PHP remote file inclusion vulnerabilities in SAPID CMS 1.2.3 Stable allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[root_path] parameter to usr/extensions/get_tree.inc.php or (2) root_path parameter to usr/extensions/get_infochannel.inc.php.
by Opa Yong
EIP-2026-110445 EXPLOITDB text
Paddelberg Topsite Script - Authentication Bypass
by Christian Inci
CVE-2012-6529 EXPLOITDB text VERIFIED
Marinet CMS - SQL Injection via id or roomid Parameter
Multiple SQL injection vulnerabilities in Marinet CMS allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) galleryphoto.php or (2) gallery.php; or the roomid parameter to (3) room.php or (4) room2.php.
by H4ckCity Security Team
CVE-2012-6529 EXPLOITDB text VERIFIED
Marinet CMS - SQL Injection via id or roomid Parameter
Multiple SQL injection vulnerabilities in Marinet CMS allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) galleryphoto.php or (2) gallery.php; or the roomid parameter to (3) room.php or (4) room2.php.
by H4ckCity Security Team
CVE-2012-6529 EXPLOITDB text VERIFIED
Marinet CMS - SQL Injection via id or roomid Parameter
Multiple SQL injection vulnerabilities in Marinet CMS allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) galleryphoto.php or (2) gallery.php; or the roomid parameter to (3) room.php or (4) room2.php.
by H4ckCity Security Team
EIP-2026-107498 EXPLOITDB text VERIFIED
Gregarius 0.6.1 - Multiple SQL Injections / Cross-Site Scripting
by sonyy
CVE-2012-6644 EXPLOITDB text
ClipBucket 2.6 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in ClipBucket 2.6 allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to channels.php, (2) collections.php, (3) groups.php, or (4) videos.php; (5) query parameter to search_result.php; or (6) type parameter to view_collection.php or (7) view_item.php.
by YaDoY666
CVE-2012-6644 EXPLOITDB text VERIFIED
ClipBucket 2.6 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in ClipBucket 2.6 allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to channels.php, (2) collections.php, (3) groups.php, or (4) videos.php; (5) query parameter to search_result.php; or (6) type parameter to view_collection.php or (7) view_item.php.
by YaDoY666
CVE-2012-6644 EXPLOITDB text VERIFIED
ClipBucket 2.6 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in ClipBucket 2.6 allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to channels.php, (2) collections.php, (3) groups.php, or (4) videos.php; (5) query parameter to search_result.php; or (6) type parameter to view_collection.php or (7) view_item.php.
by YaDoY666
CVE-2012-6643 EXPLOITDB text VERIFIED
ClipBucket 2.6 - SQL Injection via Time Parameter
Multiple SQL injection vulnerabilities in the update_counter function in includes/functions.php in ClipBucket 2.6 allow remote attackers to execute arbitrary SQL commands via the time parameter to (1) videos.php or (2) channels.php. NOTE: some of these details are obtained from third party information.
by YaDoY666
CVE-2012-6644 EXPLOITDB text VERIFIED
ClipBucket 2.6 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in ClipBucket 2.6 allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to channels.php, (2) collections.php, (3) groups.php, or (4) videos.php; (5) query parameter to search_result.php; or (6) type parameter to view_collection.php or (7) view_item.php.
by YaDoY666
CVE-2012-6644 EXPLOITDB text VERIFIED
ClipBucket 2.6 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in ClipBucket 2.6 allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to channels.php, (2) collections.php, (3) groups.php, or (4) videos.php; (5) query parameter to search_result.php; or (6) type parameter to view_collection.php or (7) view_item.php.
by YaDoY666
CVE-2012-6644 EXPLOITDB text VERIFIED
ClipBucket 2.6 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in ClipBucket 2.6 allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to channels.php, (2) collections.php, (3) groups.php, or (4) videos.php; (5) query parameter to search_result.php; or (6) type parameter to view_collection.php or (7) view_item.php.
by YaDoY666
CVE-2012-6644 EXPLOITDB text VERIFIED
ClipBucket 2.6 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in ClipBucket 2.6 allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to channels.php, (2) collections.php, (3) groups.php, or (4) videos.php; (5) query parameter to search_result.php; or (6) type parameter to view_collection.php or (7) view_item.php.
by YaDoY666
CVE-2012-6643 EXPLOITDB text VERIFIED
ClipBucket 2.6 - SQL Injection via Time Parameter
Multiple SQL injection vulnerabilities in the update_counter function in includes/functions.php in ClipBucket 2.6 allow remote attackers to execute arbitrary SQL commands via the time parameter to (1) videos.php or (2) channels.php. NOTE: some of these details are obtained from third party information.
by YaDoY666
CVE-2012-6644 EXPLOITDB text VERIFIED
ClipBucket 2.6 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in ClipBucket 2.6 allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to channels.php, (2) collections.php, (3) groups.php, or (4) videos.php; (5) query parameter to search_result.php; or (6) type parameter to view_collection.php or (7) view_item.php.
by YaDoY666