Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
CVE-2012-2924 EXPLOITDB text
Hypermethod eLearning Server 4G - RCE
PHP remote file inclusion vulnerability in admin/setup.inc.php in Hypermethod eLearning Server 4G allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
by Andrey Komarov
CVE-2012-2919 EXPLOITDB text VERIFIED
Chevereto 1.9.1 - Path Traversal via Upload Engine v Parameter
Directory traversal vulnerability in Upload/engine.php in Chevereto 1.9.1 allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) in the v parameter.
by AkaStep
CVE-2012-2918 EXPLOITDB text VERIFIED
Chevereto 1.91 - Cross-Site Scripting via Upload Engine v Parameter
Cross-site scripting (XSS) vulnerability in Upload/engine.php in Chevereto 1.91 allows remote attackers to inject arbitrary web script or HTML via the v parameter.
by AkaStep
CVE-2011-3658 EXPLOITDB ruby VERIFIED
Mozilla Firefox <8.0, Thunderbird <8.0, SeaMonkey <2.5 - DoS
The SVG implementation in Mozilla Firefox 8.0, Thunderbird 8.0, and SeaMonkey 2.5 does not properly interact with DOMAttrModified event handlers, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via vectors involving removal of SVG elements.
by Metasploit
CVE-2012-2612 EXPLOITDB text VERIFIED
SAP NetWeaver 7.0 EHP1 and EHP2 - Denial of Service via Crafted SAP Diag Packet
The DiagTraceHex function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet.
by Core Security
CVE-2012-6048 EXPLOITDB python
Guitar Pro 6.1.1 r10791 - Denial of Service via Long String in GPX File
Guitar Pro 6.1.1 r10791 allows remote attackers to cause a denial of service (crash) via a long string in a gpx file.
by condis
EIP-2026-115132 EXPLOITDB text VERIFIED
DecisionTools SharpGrid - ActiveX Control Remote Code Execution
by Francis Provencher
CVE-2012-6047 EXPLOITDB text VERIFIED
x7_chat < 2.0.5.1 - Cross-Site Request Forgery via Admin Panel User Group Addition
Cross-site request forgery (CSRF) vulnerability in X7 Chat 2.0.5.1 and earlier allows remote attackers to hijack the authentication of administrators for requests that add a user to an arbitrary group via the users page in an adminpanel action to index.php.
by DennSpec
CVE-2012-2274 EXPLOITDB text VERIFIED
PivotX < 2.3.2 - Cross-Site Scripting via File Parameter
Cross-site scripting (XSS) vulnerability in pivotx/ajaxhelper.php in PivotX 2.3.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the file parameter.
by High-Tech Bridge SA
CVE-2012-1507 EXPLOITDB text VERIFIED
OrangeHRM < 2.7 - Cross-Site Scripting via newHspStatus, sortOrder1, or uri Parameter
Multiple cross-site scripting (XSS) vulnerabilities in OrangeHRM before 2.7 allow remote attackers to inject arbitrary web script or HTML via the (1) newHspStatus parameter to plugins/ajaxCalls/haltResumeHsp.php, (2) sortOrder1 parameter to templates/hrfunct/emppop.php, or (3) uri parameter to index.php.
by High-Tech Bridge SA
CVE-2012-1507 EXPLOITDB text VERIFIED
OrangeHRM < 2.7 - Cross-Site Scripting via newHspStatus, sortOrder1, or uri Parameter
Multiple cross-site scripting (XSS) vulnerabilities in OrangeHRM before 2.7 allow remote attackers to inject arbitrary web script or HTML via the (1) newHspStatus parameter to plugins/ajaxCalls/haltResumeHsp.php, (2) sortOrder1 parameter to templates/hrfunct/emppop.php, or (3) uri parameter to index.php.
by High-Tech Bridge SA
CVE-2012-1507 EXPLOITDB text VERIFIED
OrangeHRM < 2.7 - Cross-Site Scripting via newHspStatus, sortOrder1, or uri Parameter
Multiple cross-site scripting (XSS) vulnerabilities in OrangeHRM before 2.7 allow remote attackers to inject arbitrary web script or HTML via the (1) newHspStatus parameter to plugins/ajaxCalls/haltResumeHsp.php, (2) sortOrder1 parameter to templates/hrfunct/emppop.php, or (3) uri parameter to index.php.
by High-Tech Bridge SA
CVE-2012-1506 EXPLOITDB text VERIFIED
OrangeHRM < 2.7 - Authenticated SQL Injection via hspSummaryId Parameter
SQL injection vulnerability in the updateStatus function in lib/models/benefits/Hsp.php in OrangeHRM before 2.7 allows remote authenticated users to execute arbitrary SQL commands via the hspSummaryId parameter to plugins/ajaxCalls/haltResumeHsp.php. NOTE: some of these details are obtained from third party information.
by High-Tech Bridge SA
CVE-2012-2332 EXPLOITDB text VERIFIED
Serendipity < 1.6.1 - SQL Injection via serendipity[plugin_to_conf] Parameter
SQL injection vulnerability in serendipity/serendipity_admin.php in Serendipity before 1.6.1 allows remote attackers to execute arbitrary SQL commands via the serendipity[plugin_to_conf] parameter. NOTE: this issue might be resultant from cross-site request forgery (CSRF).
by Stefan Schurtz
CVE-2012-6046 EXPLOITDB html VERIFIED
PHP Enter - Remote Code Injection via admin/banners.php code Parameter
Static code injection vulnerability in admin/banners.php in PHP Enter allows remote attackers to inject arbitrary PHP code into horad.php via the code parameter.
by L3b-r1'z
EIP-2026-101352 EXPLOITDB text VERIFIED
Linksys WRT54GL Wireless Router - Cross-Site Request Forgery
by Kalashinkov3
CVE-2012-4260 EXPLOITDB text VERIFIED
myCare2x - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in myCare2x allow remote attackers to execute arbitrary SQL commands via the (1) aktion or (2) callurl parameter to modules/patient/mycare2x_pat_info.php; (3) dept_nr or (4) pid parameter to modules/importer/mycare2x_importer.php; (5) myOpsEintrag or (6) keyword parameter in a Suchen action to modules/drg/mycare2x_proc_search.php; or (7) name_last or (8) pid parameter to modules/patient/mycare_pid.php.
by Vulnerability-Lab
CVE-2012-4282 EXPLOITDB text VERIFIED
Trombinoscope 3.5 - SQL Injection via photo.php id Parameter
SQL injection vulnerability in photo.php in Trombinoscope 3.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Ramdan Yantu
CVE-2012-6045 EXPLOITDB text VERIFIED
Ramui Forum - Stored Cross-Site Scripting via Query Parameter in gb/user/index.php
Cross-site scripting (XSS) vulnerability in gb/user/index.php in Ramui Forum, possibly 1.0 Beta, allows remote attackers to inject arbitrary web script or HTML via the query parameter.
by 3spi0n
CVE-2012-2925 EXPLOITDB text VERIFIED
Simple PHP Agenda 2.2.8 - SQL Injection
SQL injection vulnerability in engine.php in Simple PHP Agenda 2.2.8 allows remote attackers to execute arbitrary SQL commands via the priority parameter in an addTodo action.
by loneferret
CVE-2012-4258 EXPLOITDB text VERIFIED
MYRE Real Estate Software 2012 Q2 - SQL Injection via link_idd or userid Parameter
Multiple SQL injection vulnerabilities in MYRE Real Estate Software (2012 Q2) allow remote attackers to execute arbitrary SQL commands via the (1) link_idd parameter to 1_mobile/listings.php or (2) userid parameter to 1_mobile/agentprofile.php.
by Vulnerability-Lab
CVE-2012-4262 EXPLOITDB text VERIFIED
myCare2x - Stored Cross-Site Scripting via Multiple Input Parameters
Multiple cross-site scripting (XSS) vulnerabilities in myCare2x allow remote attackers to inject arbitrary web script or HTML via the (1) name_last, (2) name_first, (3) name_middle, or (4) name_maiden parameter to modules/patient/mycare_pid.php; (5) favorites or (6) lang parameter to modules/nursing/mycare_ward_print.php; (7) aktion or (8) callurl parameter to modules/patient/mycare2x_pat_info.php; or (9) ln parameter to modules/drg/mycare2x_proc_search.php.
by Vulnerability-Lab
EIP-2026-108092 EXPLOITDB text VERIFIED
JibberBook 2.3 - 'Login_form.php' Authentication Bypass
by L3b-r1'z
EIP-2026-107379 EXPLOITDB text
Genium CMS 2012/Q2 - Multiple Vulnerabilities
by Vulnerability-Lab
EIP-2026-100846 EXPLOITDB text
Lynx Message Server - Multiple Vulnerabilities
by Mark Lachniet