Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-119197 EXPLOITDB python VERIFIED
Sysax 5.57 - Directory Traversal
by Craig Freyman
CVE-2012-1978 EXPLOITDB text VERIFIED
Simple PHP Agenda < 2.2.8 - Cross-Site Request Forgery via Admin and Event Management
Multiple cross-site request forgery (CSRF) vulnerabilities in Simple PHP Agenda 2.2.8 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add an administrator via a request to auth/process.php, (2) delete an administrator via a request to auth/admin/adminprocess.php, (3) add an event via a request to engine/new_event.php, or (4) delete an event via a request to phpagenda/.
by Ivano Binetti
CVE-2012-4685 EXPLOITDB text VERIFIED
Arbor Networks Peakflow <5.1.1-5.6.0 - XSS
Cross-site scripting (XSS) vulnerability in Arbor Networks Peakflow SP 5.1.1 before patch 6, 5.5 before patch 4, and 5.6.0 before patch 1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.
by b.saleh
EIP-2026-102381 EXPLOITDB text VERIFIED
JBMC Software DirectAdmin 1.403 - 'domain' Cross-Site Scripting
by Dawid Golak
EIP-2026-115290 EXPLOITDB ruby VERIFIED
FoxPlayer 2.6.0 - Denial of Service
by Ahmed Elhady Mohamed
CVE-2012-4878 EXPLOITDB text VERIFIED
FlatnuX CMS 2011 08.09.2 - Path Traversal
Absolute path traversal vulnerability in controlcenter.php in FlatnuX CMS 2011 08.09.2 allows remote administrators to read arbitrary files via a full pathname in the dir parameter in a contents/Files action.
by Vulnerability Laboratory
CVE-2012-4877 EXPLOITDB html VERIFIED
Flatnux < 2011-08-09-2 - Cross-Site Request Forgery in controlcenter.php
Cross-site request forgery (CSRF) vulnerability in controlcenter.php in FlatnuX CMS 2011 08.09.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that add user accounts.
by Vulnerability Laboratory
CVE-2012-5917 EXPLOITDB ruby
SnackAmp 3.1.3 - Denial of Service via Long String in AIFF File
SnackAmp 3.1.3 allows remote attackers to cause a denial of service (application crash) via a long string in an aiff file.
by Ahmed Elhady Mohamed
CVE-2012-4889 EXPLOITDB text VERIFIED
ManageEngine Firewall Analyzer 7.2 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Firewall Analyzer 7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) subTab or (2) tab parameter to createAnomaly.do; (3) url, (4) subTab, or (5) tab parameter to mindex.do; (6) tab parameter to index2.do; or (7) port parameter to syslogViewer.do.
by Vulnerability Research Laboratory
CVE-2012-4889 EXPLOITDB text VERIFIED
ManageEngine Firewall Analyzer 7.2 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Firewall Analyzer 7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) subTab or (2) tab parameter to createAnomaly.do; (3) url, (4) subTab, or (5) tab parameter to mindex.do; (6) tab parameter to index2.do; or (7) port parameter to syslogViewer.do.
by Vulnerability Research Laboratory
CVE-2012-4889 EXPLOITDB text VERIFIED
ManageEngine Firewall Analyzer 7.2 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Firewall Analyzer 7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) subTab or (2) tab parameter to createAnomaly.do; (3) url, (4) subTab, or (5) tab parameter to mindex.do; (6) tab parameter to index2.do; or (7) port parameter to syslogViewer.do.
by Vulnerability Research Laboratory
CVE-2012-4889 EXPLOITDB text VERIFIED
ManageEngine Firewall Analyzer 7.2 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Firewall Analyzer 7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) subTab or (2) tab parameter to createAnomaly.do; (3) url, (4) subTab, or (5) tab parameter to mindex.do; (6) tab parameter to index2.do; or (7) port parameter to syslogViewer.do.
by Vulnerability Research Laboratory
CVE-2012-5899 EXPLOITDB text VERIFIED
SAMEDIA LandShop 0.9.2 - Cross-Site Scripting via OTR_HEADS Parameter
Cross-site scripting (XSS) vulnerability in admin/action/objects.php in SAMEDIA LandShop 0.9.2 allows remote attackers to inject arbitrary web script or HTML via the OTR_HEADS[] parameter in an edit action. NOTE: some of these details are obtained from third party information.
by Vulnerability-Lab
CVE-2012-5898 EXPLOITDB text VERIFIED
SAMEDIA LandShop 0.9.2 - Cross-Site Request Forgery
Cross-site request forgery (CSRF) vulnerability in SAMEDIA LandShop 0.9.2 allows remote attackers to hijack the authentication of administrators for requests that change account settings.
by Vulnerability-Lab
CVE-2012-0406 EXPLOITDB text VERIFIED
EMC Data Protection Advisor 5.5-5.8 SP1 - Denial of Service via Malformed AUTHENTICATECONNECTION Command
The DPA_Utilities.cProcessAuthenticationData function in EMC Data Protection Advisor (DPA) 5.5 through 5.8 SP1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an AUTHENTICATECONNECTION command that (1) lacks a password field or (2) has an empty password.
by Luigi Auriemma
CVE-2012-2109 EXPLOITDB text VERIFIED
BuddyPress 1.5.x < 1.5.5 - SQL Injection via Activity Widget Filter Page Parameter
SQL injection vulnerability in wp-load.php in the BuddyPress plugin 1.5.x before 1.5.5 of WordPress allows remote attackers to execute arbitrary SQL commands via the page parameter in an activity_widget_filter action.
by Ivan Terkin
EIP-2026-113456 EXPLOITDB text VERIFIED
Woltlab Burning Board 2.2/2.3 [WN]KT KickTipp 3.1 - SQL Injection
by Easy Laster
CVE-2012-5900 EXPLOITDB text VERIFIED
SAMEDIA LandShop 0.9.2 - SQL Injection via OB_ID, AREA_ID, or start Parameter
Multiple SQL injection vulnerabilities in SAMEDIA LandShop 0.9.2 allow remote attackers to execute arbitrary SQL commands via the (1) OB_ID parameter in a single action to admin/action/objects.php, (2) AREA_ID parameter in a single action to admin/action/areas.php, or (3) start parameter in a show action to admin/action/pdf.php.
by Vulnerability-Lab
EIP-2026-102589 EXPLOITDB text VERIFIED
Flock 2.6.1 - Denial of Service
by r45c4l
CVE-2012-0407 EXPLOITDB text VERIFIED
EMC Data Protection Advisor 5.5-5.8 SP1 - Denial of Service via Integer Overflow in DPA_Utilities Library
Integer overflow in the DPA_Utilities library in EMC Data Protection Advisor (DPA) 5.5 through 5.8 SP1 allows remote attackers to cause a denial of service (infinite loop) via a negative 64-bit value in a certain size field.
by Luigi Auriemma
CVE-2012-1613 EXPLOITDB text VERIFIED
Coppermine Photo Gallery < 1.5.20 - Authenticated Cross-Site Scripting via Keywords Parameter
Cross-site scripting (XSS) vulnerability in edit_one_pic.php in Coppermine Photo Gallery before 1.5.20 allows remote authenticated users with certain privileges to inject arbitrary web script or HTML via the keywords parameter.
by waraxe
EIP-2026-118753 EXPLOITDB python
MailMax 4.6 - POP3 'USER' Remote Buffer Overflow
by localh0t
EIP-2026-116892 EXPLOITDB text
Bitsmith PS Knowbase 3.2.3 - Local Buffer Overflow
by Vulnerability-Lab
CVE-2012-1979 EXPLOITDB text VERIFIED
SyndeoCMS < 3.0.01 - Authenticated Stored Cross-Site Scripting via Email Parameter
Cross-site scripting (XSS) vulnerability in starnet/index.php in SyndeoCMS 3.0.01 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the email parameter (aka Email address field) in an edit_user configuration action.
by Ivano Binetti
EIP-2026-110684 EXPLOITDB text VERIFIED
PHP Designer 2007 Personal - Multiple SQL Injections
by MR.XpR