Exploitdb Exploits

50,091 exploits tracked across all sources.

Sort: Activity Stars
CVE-2012-5193 EXPLOITDB MEDIUM text VERIFIED
bitweaver < 2.8.1 - Cross-Site Scripting via Path Info or Parameter Injection
Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 2.8.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the path info to (1) stats/index.php or (2) newsletters/edition.php or the (3) username parameter to users/remind_password.php, (4) days parameter to stats/index.php, (5) login parameter to users/register.php, or (6) highlight parameter.
by Trustwave's SpiderLabs
CVSS 6.1
CVE-2012-10035 EXPLOITDB CRITICAL ruby VERIFIED
Turbo FTP Server <1.30.823-1.30.826 - Buffer Overflow
Turbo FTP Server versions 1.30.823 and 1.30.826 contain a buffer overflow vulnerability in the handling of the PORT command. By sending a specially crafted payload, an unauthenticated remote attacker can overwrite memory structures and execute arbitrary code with SYSTEM privileges.
by Metasploit
CVE-2012-10034 EXPLOITDB HIGH text VERIFIED
ClanSphere 2011.3 - Local File Inclusion
ClanSphere 2011.3 is vulnerable to a local file inclusion (LFI) flaw due to improper handling of the cs_lang cookie parameter. The application fails to sanitize user-supplied input, allowing attackers to traverse directories and read arbitrary files outside the web root. The vulnerability is further exacerbated by null byte injection (%00) to bypass file extension checks.
by blkhtc0rp
CVSS 7.5
EIP-2026-112252 EXPLOITDB text VERIFIED
SMF - 'view' Cross-Site Scripting
by Am!r
CVE-2012-5387 EXPLOITDB text VERIFIED
White Label CMS < 1.5.1 - Cross-Site Request Forgery via wlcms_o_developer_name Parameter
Cross-site request forgery (CSRF) vulnerability in wlcms-plugin.php in the White Label CMS plugin before 1.5.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that modify the developer name via the wlcms_o_developer_name parameter in a save action to wp-admin/admin.php, as demonstrated by a developer name containing XSS sequences.
by pcsjj
EIP-2026-116166 EXPLOITDB perl VERIFIED
RealPlayer 15.0.6.14.3gp - Crash (PoC)
by coolkaveh
EIP-2026-114865 EXPLOITDB perl VERIFIED
Adobe Reader 10.1.4 - Crash (PoC)
by coolkaveh
CVE-2012-5388 EXPLOITDB text VERIFIED
White Label CMS 1.5 - Authenticated Stored Cross-Site Scripting via wlcms_o_developer_name Parameter
Cross-site scripting (XSS) vulnerability in wlcms-plugin.php in the White Label CMS plugin 1.5 for WordPress allows remote authenticated administrators to inject arbitrary web script or HTML via the wlcms_o_developer_name parameter in a save action to wp-admin/admin.php, a related issue to CVE-2012-5387.
by pcsjj
EIP-2026-114070 EXPLOITDB text
WordPress Plugin social discussions 6.1.1 - Multiple Vulnerabilities
by waraxe
EIP-2026-113409 EXPLOITDB html VERIFIED
WHMCompleteSolution (WHMCS) 4.5.2 - 'googlecheckout.php' SQL Injection
by Starware Security Team
CVE-2012-5452 EXPLOITDB text VERIFIED
Subrion CMS 2.2.1 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Subrion CMS 2.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) multi_title parameter to blocks/add/; (2) cost, (3) days, or (4) title[en] parameter to plans/add/; (5) name or (6) title[en] parameter to fields/group/add/ in admin/manage/; or (7) f[accounts][fullname] or (8) f[accounts][username] parameter to advsearch/. NOTE: This might overlap CVE-2011-5211. NOTE: it was later reported that the f[accounts][fullname] and f[accounts][username] vectors might also affect 2.2.2.
by High-Tech Bridge SA
EIP-2026-111940 EXPLOITDB text VERIFIED
Schoolhos CMS Beta 2.29 - 'id' SQL Injection
by Cumi
CVE-2012-1503 EXPLOITDB text
Movable Type Pro 5.13 - Cross-Site Scripting via Comment Section
Cross-site scripting (XSS) vulnerability in Six Apart (formerly Six Apart KK) Movable Type (MT) Pro 5.13 allows remote attackers to inject arbitrary web script or HTML via the comment section.
by sqlhacker
EIP-2026-108427 EXPLOITDB perl VERIFIED
Joomla! Component com_kunena - 'search' SQL Injection
by D35m0nd142
EIP-2026-108311 EXPLOITDB text VERIFIED
Joomla! Component com_commedia - 'task' SQL Injection
by D4NB4R
CVE-2012-5453 EXPLOITDB text
ATutor AContent <1.2 - SQL Injection
SQL injection vulnerability in user/index_inline_editor_submit.php in ATutor AContent 1.2-1 allows remote authenticated users to execute arbitrary SQL commands via the field parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-5167.
by High-Tech Bridge SA
EIP-2026-101275 EXPLOITDB text VERIFIED
FirePass 7.0 SSL VPN - 'refreshURL' Open Redirection
by Aung Khant
CVE-2011-4640 EXPLOITDB text VERIFIED
SpamTitan WebTitan < 3.50 - Authenticated Path Traversal via logs-x.php fname Parameter
Directory traversal vulnerability in logs-x.php in SpamTitan WebTitan before 3.60 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the fname parameter in a view action.
by Richard Conner
EIP-2026-118759 EXPLOITDB ruby VERIFIED
ManageEngine Security Manager Plus 5.5 build 5505 - Remote SYSTEM SQL Injection (Metasploit)
by xistence
EIP-2026-115730 EXPLOITDB text
Microsoft Internet Explorer 9 - Cross-Site Scripting Filter Bypass
by Jean Pascal Pereira
EIP-2026-108558 EXPLOITDB text VERIFIED
Joomla! Component com_tag - 'tag' SQL Injection
by D4NB4R
EIP-2026-108354 EXPLOITDB text VERIFIED
Joomla! Component com_fss 1.9.1.1447 - SQL Injection
by D4NB4R
EIP-2026-106032 EXPLOITDB text
CMSQLite 1.3.2 - Multiple Vulnerabilities
by Vulnerability-Lab
EIP-2026-105992 EXPLOITDB text VERIFIED
CMS Mini 0.2.2 - 'index.php' Script Cross-Site Scripting
by Netsparker
EIP-2026-104327 EXPLOITDB python VERIFIED
ManageEngine Security Manager Plus 5.5 build 5505 - Directory Traversal
by xistence