Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
CVE-2012-1774 EXPLOITDB text
Gretech GOM Media Player <2.1.39.5101 Open URL - Impact Unknown
Unspecified vulnerability in the Open URL feature in Gretech GOM Media Player before 2.1.39.5101 has unknown impact and attack vectors, a different vulnerability than CVE-2007-5779 and CVE-2012-1264.
by longrifle0x
CVE-2012-2099 EXPLOITDB text VERIFIED
Wikidforum 2.10 - Cross-Site Scripting via Search Field or Advanced Search Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Wikidforum 2.10 allow remote attackers to inject arbitrary web script or HTML via the (1) search field, or the (2) Author or (3) select_sort parameters in an advanced search.
by Stefan Schurtz
CVE-2012-6520 EXPLOITDB text VERIFIED
Wikidforum 2.10 - SQL Injection via Advanced Search Parameters
Multiple SQL injection vulnerabilities in the advanced search in Wikidforum 2.10 allow remote attackers to execute arbitrary SQL commands via the (1) select_sort or (2) opt_search_select parameters. NOTE: this issue could not be reproduced by third parties.
by Stefan Schurtz
CVE-2012-2099 EXPLOITDB text VERIFIED
Wikidforum 2.10 - Cross-Site Scripting via Search Field or Advanced Search Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Wikidforum 2.10 allow remote attackers to inject arbitrary web script or HTML via the (1) search field, or the (2) Author or (3) select_sort parameters in an advanced search.
by Stefan Schurtz
CVE-2012-1556 EXPLOITDB text VERIFIED
Synology Photo Station 5 for DiskStation Manager 3.2-1955 - Cross-Site Scripting via Name Parameter
Cross-site scripting (XSS) vulnerability in Synology Photo Station 5 for DiskStation Manager (DSM) 3.2-1955 allows remote attackers to inject arbitrary web script or HTML via the name parameter to photo/photo_one.php.
by Simon Ganiere
EIP-2026-111880 EXPLOITDB text VERIFIED
Saman Portal - Local File Inclusion
by TMT
EIP-2026-104902 EXPLOITDB text
Acal Calendar 2.2.6 - Cross-Site Request Forgery
by Number 7
CVE-2012-4871 EXPLOITDB text VERIFIED
LiteSpeed Web Server 4.1.11 - Cross-Site Scripting via gtitle Parameter
Cross-site scripting (XSS) vulnerability in service/graph_html.php in the administrator panel in LiteSpeed Web Server 4.1.11 allows remote attackers to inject arbitrary web script or HTML via the gtitle parameter.
by K1P0D
EIP-2026-101483 EXPLOITDB text VERIFIED
TP-Link TL-WR740N 111130 - 'ping_addr' HTML Injection
by l20ot
EIP-2026-100946 EXPLOITDB text VERIFIED
Zend Server 5.6.0 - Multiple Remote Script Insertion Vulnerabilities
by LiquidWorm
EIP-2026-112169 EXPLOITDB text VERIFIED
Singapore 0.10.1 - 'gallery' Cross-Site Scripting
by T0xic
CVE-2012-1778 EXPLOITDB perl VERIFIED
CreateVision CMS - SQL Injection via artykul_print.php id Parameter
SQL injection vulnerability in artykul_print.php in CreateVision CMS allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Zwierzchowski Oskar
EIP-2026-102367 EXPLOITDB text VERIFIED
EJBCA 4.0.7 - 'issuer' Cross-Site Scripting
by MustLive
CVE-2012-1912 EXPLOITDB text
PHP Address Book < 7.0 - Cross-Site Scripting via Preferences from Parameter
Cross-site scripting (XSS) vulnerability in preferences.php in PHP Address Book 7.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the from parameter. NOTE: the index.php vector is already covered by CVE-2008-2566.
by Stefan Schurtz
CVE-2012-1911 EXPLOITDB text
PHP Address Book < 6.2.11 - SQL Injection via to_group or id Parameter
Multiple SQL injection vulnerabilities in PHP Address Book 6.2.12 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) to_group parameter to group.php or (2) id parameter to vcard.php. NOTE: the edit.php vector is already covered by CVE-2008-2565.
by Stefan Schurtz
CVE-2012-2903 EXPLOITDB text
PHP Address Book < 6.1.1 - Cross-Site Scripting via PATH_INFO or Language Parameter
Multiple cross-site scripting (XSS) vulnerabilities in PHP Address Book 7.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to group.php, or the (2) target_language or (3) target_flag parameter to translate.php.
by Stefan Schurtz
CVE-2012-1502 EXPLOITDB text
PyPam < 0.5.0 - Double Free in PyPAM_conv
Double free vulnerability in the PyPAM_conv in PAMmodule.c in PyPam 0.5.0 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a NULL byte in a password string.
by Markus Vervier
EIP-2026-111174 EXPLOITDB html VERIFIED
PHPMyVisites 2.4 - 'PHPmv2/index.php' Multiple Cross-Site Scripting Vulnerabilities
by AkaStep
CVE-2012-0754 EXPLOITDB HIGH ruby VERIFIED
Adobe Flash Player <10.3.183.15, <11.1.102.62 - Memory Corruption
Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
by Metasploit
CVSS 8.1
EIP-2026-117432 EXPLOITDB python VERIFIED
Macro Toolworks 7.5 - Local Buffer Overflow
by Julien Ahrens
EIP-2026-112733 EXPLOITDB text VERIFIED
ToendaCMS 1.6.2 - '/setup/index.php?site' Traversal Local File Inclusion
by AkaStep
CVE-2012-1900 EXPLOITDB text
RazorCMS < 1.2.1 - Cross-Site Request Forgery via showcats Action
Cross-site request forgery (CSRF) vulnerability in admin/index.php in RazorCMS 1.2.1 and earlier allows remote attackers to hijack the authentication of administrators for requests that delete arbitrary web pages via a showcats action.
by Ivano Binetti
EIP-2026-111684 EXPLOITDB text
RazorCMS 1.2.1 STABLE - Arbitrary File Upload
by i2sec_Hyo jun Oh
EIP-2026-109093 EXPLOITDB text VERIFIED
LeKommerce - 'id' SQL Injection
by Mazt0r
EIP-2026-102485 EXPLOITDB text VERIFIED
Ilient SysAid 8.5.5 - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities
by Julien Ahrens