Exploitdb Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2011-5203 EXPLOITDB text VERIFIED
Akiva WebBoard < 8.0 - SQL Injection via WB/Default.asp Name Parameter
SQL injection vulnerability in WB/Default.asp in Akiva WebBoard before 8 SR 1 allows remote attackers to execute arbitrary SQL commands via the name parameter. NOTE: some of these details are obtained from third party information.
by Alexander Fuchs
EIP-2026-109893 EXPLOITDB text VERIFIED
Neturf eCommerce Shopping Cart - 'searchFor' Cross-Site Scripting
by farbodmahini
CVE-2011-5200 EXPLOITDB text VERIFIED
DeDeCMS - SQL Injection via id Parameter
Multiple SQL injection vulnerabilities in DeDeCMS, possibly 5.6, allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) list.php, (2) members.php, or (3) book.php.
by CWH & Nafsh
CVE-2011-5204 EXPLOITDB text VERIFIED
Akiva WebBoard 8.x - Plaintext Password Storage
Akiva WebBoard 8.x stores passwords in plaintext, which allows local users to obtain sensitive information by reading from the database.
by Alexander Fuchs
CVE-2011-5053 EXPLOITDB text
Wi-Fi Protected Setup Protocol - Improper Authentication via EAP-NACK Message Handling
The Wi-Fi Protected Setup (WPS) protocol, when the "external registrar" authentication method is used, does not properly inform clients about failed PIN authentication, which makes it easier for remote attackers to discover the PIN value, and consequently discover the Wi-Fi network password or reconfigure an access point, by reading EAP-NACK messages.
by cheffner
CVE-2011-5026 EXPLOITDB text VERIFIED
Winn GuestBook < 2.4.8d - Cross-Site Scripting via Name Parameter
Cross-site scripting (XSS) vulnerability in the addPost function in data/functions.php in Winn GuestBook before 2.4.8d allows remote attackers to inject arbitrary web script or HTML via the name parameter to index.php. NOTE: some of these details are obtained from third party information.
by G13
CVE-2011-5023 EXPLOITDB text VERIFIED
Pligg CMS 1.1.4 - Cross-Site Scripting via PATH_INFO to Search Program
Cross-site scripting (XSS) vulnerability in Pligg CMS 1.1.4 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the search program, a different vulnerability than CVE-2011-3986.
by SiteWatch
CVE-2011-5022 EXPLOITDB text VERIFIED
Pligg CMS 1.1.2 - SQL Injection via Status Parameter
SQL injection vulnerability in search.php in Pligg CMS 1.1.2 allows remote attackers to execute arbitrary SQL commands via the status parameter.
by SiteWatch
CVE-2011-5140 EXPLOITDB text VERIFIED
DiY-CMS blog module 1.0 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in the blog module 1.0 for DiY-CMS allow remote attackers to execute arbitrary SQL commands via the (1) start parameter to (a) tags.php, (b) list.php, (c) index.php, (d) main_index.php, (e) viewpost.php, (f) archive.php, (g) control/approve_comments.php, (h) control/approve_posts.php, and (i) control/viewcat.php; and the (2) month and (3) year parameters to archive.php.
by snup
CVE-2012-0045 EXPLOITDB text VERIFIED
Linux Kernel < 3.2.14 - Denial of Service via KVM em_syscall Opcode Handling
The em_syscall function in arch/x86/kvm/emulate.c in the KVM implementation in the Linux kernel before 3.2.14 does not properly handle the 0f05 (aka syscall) opcode, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application, as demonstrated by an NASM file.
by Stephan Sattler
EIP-2026-113879 EXPLOITDB text VERIFIED
WordPress Plugin Mailing List - Arbitrary File Download
by 6Scan
EIP-2026-107214 EXPLOITDB text
Free Image Hosting Script - Arbitrary File Upload
by ySecurity
EIP-2026-102694 EXPLOITDB text VERIFIED
Nagios Plugins check_ups - Local Buffer Overflow (PoC)
by Stefan Schurtz
CVE-2011-5161 EXPLOITDB text
OpenEMR 4 - Unauthenticated Arbitrary PHP File Upload via Patient Photograph Feature
Unrestricted file upload vulnerability in the patient photograph functionality in OpenEMR 4 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the patient directory under documents/.
by Level
CVE-2011-5160 EXPLOITDB text
OpenEMR 4 - Cross-Site Scripting via Site Parameter
Cross-site scripting (XSS) vulnerability in setup.php in OpenEMR 4 allows remote attackers to inject arbitrary web script or HTML via the site parameter.
by Level
CVE-2012-2115 EXPLOITDB text
OpenEMR < 4.1.0 - SQL Injection via User Parameter
SQL injection vulnerability in interface/login/validateUser.php in OpenEMR 4.1.0 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the u parameter.
by Level
EIP-2026-115300 EXPLOITDB text VERIFIED
freeSSHd - Denial of Service (PoC)
by Level
CVE-2011-4558 EXPLOITDB HIGH text
Tiki < 8.2 - Authenticated Remote Code Execution via Regex Parameters
Tiki 8.2 and earlier allows remote administrators to execute arbitrary PHP code via crafted input to the regexres and regex parameters.
by EgiX
CVSS 7.2
CVE-2011-5039 EXPLOITDB text
Infoproject Biznis Heroj - SQL Injection via login.php or widget.dokumenti_lista.php
Multiple SQL injection vulnerabilities in Infoproject Biznis Heroj allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters to login.php, (3) the filter parameter to widget.dokumenti_lista.php, and (4) the fin_nalog_id parameter to nalozi_naslov.php.
by LiquidWorm
CVE-2011-5149 EXPLOITDB text VERIFIED
SpamTitan < 5.08 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in SpamTitan 5.08 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) testaddr or (2) testpass parameter to auth-settings.php; (3) hostname, (4) domainname, or (5) mailserver parameter to setup-relay.php; or (6) subnetmask or (7) defaultroute parameter to setup-network.php.
by Vulnerability-Lab
EIP-2026-117375 EXPLOITDB text VERIFIED
Kaspersky Internet Security/Anti-Virus - '.cfg' File Memory Corruption
by Vulnerability Research Laboratory
CVE-2011-5150 EXPLOITDB text VERIFIED
SpamTitan < 5.07 - Cross-Site Scripting via setup-network.php Parameters
Multiple cross-site scripting (XSS) vulnerabilities in SpamTitan 5.07 and possibly earlier allow remote attackers or authenticated users to inject arbitrary web script or HTML via the (1) ipaddress or (2) domain parameter to setup-network.php, different vectors than CVE-2011-5149. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by Vulnerability-Lab
CVE-2011-5040 EXPLOITDB text
Infoproject Biznis Heroj - Stored Cross-Site Scripting via config Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Infoproject Biznis Heroj allow remote attackers to inject arbitrary web script or HTML via the config parameter to (1) nalozi_naslov.php and (2) widget.dokumenti_lista.php.
by LiquidWorm
EIP-2026-106898 EXPLOITDB text VERIFIED
epesi BIM 1.2 rev 8154 - Multiple Cross-Site Scripting Vulnerabilities
by High-Tech Bridge SA
CVE-2011-3587 EXPLOITDB text VERIFIED
Plone 4.0-4.0.9, 4.1, 4.2-4.2a2 - Remote Code Execution via p_ Class in OFS/misc_.py
Unspecified vulnerability in Zope 2.12.x and 2.13.x, as used in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2, allows remote attackers to execute arbitrary commands via vectors related to the p_ class in OFS/misc_.py and the use of Python modules.
by Nick Miles