Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-112050 EXPLOITDB python VERIFIED
SilverStripe CMS 2.4.7 - 'install.php' PHP Code Injection
by Mehmet Ince
CVE-2012-4254 EXPLOITDB text VERIFIED
mysqldumper 1.24.4 - Exposure of Sensitive Information via Direct Request to Restore or Dump Script
MySQLDumper 1.24.4 allows remote attackers to obtain sensitive information (Notices) via a direct request to (1) learn/cubemail/restore.php or (2) learn/cubemail/dump.php.
by AkaStep
CVE-2012-4251 EXPLOITDB text VERIFIED
MySQLDumper 1.24.4 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in MySQLDumper 1.24.4 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter to index.php, (2) phase parameter to install.php, (3) tablename or (4) dbid parameter to sql.php, or (5) filename parameter to restore.php in learn/cubemail/.
by AkaStep
CVE-2012-4251 EXPLOITDB text VERIFIED
MySQLDumper 1.24.4 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in MySQLDumper 1.24.4 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter to index.php, (2) phase parameter to install.php, (3) tablename or (4) dbid parameter to sql.php, or (5) filename parameter to restore.php in learn/cubemail/.
by AkaStep
EIP-2026-109805 EXPLOITDB php VERIFIED
MySQLDumper 1.24.4 - 'menu.php' PHP Remote Code Execution
by AkaStep
CVE-2012-4252 EXPLOITDB text VERIFIED
MySQLDumper 1.24.4 - Cross-Site Request Forgery via Multiple Administrative Actions
Multiple cross-site request forgery (CSRF) vulnerabilities in MySQLDumper 1.24.4 allow remote attackers to hijack the authentication of administrators for requests that (1) remove file access restriction via a deletehtaccess action, (2) drop a database via a kill value in a db action, (3) uninstall the application via a 101 value in the phase parameter to learn/cubemail/install.php, (4) delete config.php via a 2 value in the phase parameter to learn/cubemail/install.php, (5) change a password via a schutz action, or (6) execute arbitrary SQL commands via the sql_statement parameter to learn/cubemail/sql.php.
by AkaStep
CVE-2012-4251 EXPLOITDB text VERIFIED
MySQLDumper 1.24.4 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in MySQLDumper 1.24.4 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter to index.php, (2) phase parameter to install.php, (3) tablename or (4) dbid parameter to sql.php, or (5) filename parameter to restore.php in learn/cubemail/.
by AkaStep
CVE-2012-4251 EXPLOITDB text VERIFIED
MySQLDumper 1.24.4 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in MySQLDumper 1.24.4 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter to index.php, (2) phase parameter to install.php, (3) tablename or (4) dbid parameter to sql.php, or (5) filename parameter to restore.php in learn/cubemail/.
by AkaStep
CVE-2012-4253 EXPLOITDB text VERIFIED
mysqldumper 1.24.4 - Path Traversal via Language Parameter
Multiple directory traversal vulnerabilities in MySQLDumper 1.24.4 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) language parameter to learn/cubemail/install.php or (2) f parameter learn/cubemail/filemanagement.php, or execute arbitrary local files via a .. (dot dot) in the (3) config parameter to learn/cubemail/menu.php.
by AkaStep
EIP-2026-105340 EXPLOITDB text VERIFIED
Axous 1.1.0 - SQL Injection
by H4ckCity Secuirty TeaM
CVE-2012-4253 EXPLOITDB text VERIFIED
mysqldumper 1.24.4 - Path Traversal via Language Parameter
Multiple directory traversal vulnerabilities in MySQLDumper 1.24.4 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) language parameter to learn/cubemail/install.php or (2) f parameter learn/cubemail/filemanagement.php, or execute arbitrary local files via a .. (dot dot) in the (3) config parameter to learn/cubemail/menu.php.
by AkaStep
CVE-2012-4060 EXPLOITDB text VERIFIED
ASP-DEv XM Forums RC3 - SQL Injection via id Parameter
Multiple SQL injection vulnerabilities in ASP-DEv XM Forums RC3 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) profile.asp, (2) forum.asp, or (3) topic.asp.
by Farbod Mahini
EIP-2026-100161 EXPLOITDB text VERIFIED
BBSXP CMS - Multiple SQL Injections
by Farbod Mahini
CVE-2012-6504 EXPLOITDB text VERIFIED
PHP Volunteer Management 1.0.2 - SQL Injection via id Parameter
SQL injection vulnerability in mods/hours/data/get_hours.php in PHP Volunteer Management 1.0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by G13
CVE-2012-6506 EXPLOITDB text VERIFIED
Zingiri Web Shop 2.4.0 - Cross-Site Scripting via Page or Notes Parameter
Multiple cross-site scripting (XSS) vulnerabilities in the Zingiri Web Shop plugin 2.4.0 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter in zing.inc.php or (2) notes parameter in fws/pages-front/onecheckout.php.
by Mehmet Ince
EIP-2026-111639 EXPLOITDB text VERIFIED
Quick.CMS 4.0 - 'p' Cross-Site Scripting
by Jakub Galczyk
CVE-2012-6505 EXPLOITDB text VERIFIED
PHP Volunteer Management 1.0.2 - Cross-Site Scripting via id Parameter
Cross-site scripting (XSS) vulnerability in mods/hours/data/get_hours.php in PHP Volunteer Management 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
by G13
CVE-2012-6513 EXPLOITDB text VERIFIED
gpEasy CMS 2.3.3 - Cross-Site Scripting via jsoncallback Parameter
Cross-site scripting (XSS) vulnerability in index.php/Admin_Preferences in gpEasy CMS 2.3.3 allows remote attackers to inject arbitrary web script or HTML via the jsoncallback parameter.
by Jakub Galczyk
EIP-2026-106124 EXPLOITDB text VERIFIED
Concrete5 CMS 5.5.2.1 - Information Disclosure / SQL Injection / Cross-Site Scripting
by Jakub Galczyk
EIP-2026-102945 EXPLOITDB text
Parallels PLESK 9.x - Insecure Permissions
by Nicolas Krassas
CVE-2012-2208 EXPLOITDB text
Piwigo < 2.3.3 - Remote File Inclusion via Upgrade Language Parameter
Directory traversal vulnerability in upgrade.php in Piwigo before 2.3.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter.
by High-Tech Bridge SA
CVE-2012-0158 EXPLOITDB HIGH ruby VERIFIED
Microsoft Office and Components - Remote Code Execution via Crafted File
The (1) ListView, (2) ListView2, (3) TreeView, and (4) TreeView2 ActiveX controls in MSCOMCTL.OCX in the Common Controls in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2003 Web Components SP3; SQL Server 2000 SP4, 2005 SP4, and 2008 SP2, SP3, and R2; BizTalk Server 2002 SP1; Commerce Server 2002 SP4, 2007 SP2, and 2009 Gold and R2; Visual FoxPro 8.0 SP1 and 9.0 SP2; and Visual Basic 6.0 Runtime allow remote attackers to execute arbitrary code via a crafted (a) web site, (b) Office document, or (c) .rtf file that triggers "system state" corruption, as exploited in the wild in April 2012, aka "MSCOMCTL.OCX RCE Vulnerability."
by Metasploit
CVSS 8.8
CVE-2009-1642 EXPLOITDB ruby VERIFIED
Mini-stream ASX to MP3 Converter 3.0.0.7 - Stack-based Buffer Overflow via Long rtsp URL or HREF Attribute
Multiple stack-based buffer overflows in Mini-stream ASX to MP3 Converter 3.0.0.7 allow remote attackers to execute arbitrary code via (1) a long rtsp URL in a .ram file and (2) a long string in the HREF attribute of a REF element in a .asx file. NOTE: the latter was also subsequently reported in "prior to 3.1.3.7."
by Metasploit
CVE-2012-2209 EXPLOITDB text
Piwigo < 2.3.4 - Cross-Site Scripting via Admin Panel Parameters
Multiple cross-site scripting (XSS) vulnerabilities in admin.php in Piwigo before 2.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) section parameter in the configuration module, (2) installstatus parameter in the languages_new module, or (3) theme parameter in the theme module.
by High-Tech Bridge SA
CVE-2012-1586 EXPLOITDB text VERIFIED
cifs-utils - Exposure of Sensitive Information via Error Message
mount.cifs in cifs-utils 2.6 allows local users to determine the existence of arbitrary files or directories via the file path in the second argument, which reveals their existence in an error message.
by Sha0