Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
CVE-2012-1039 EXPLOITDB text VERIFIED
Dotclear < 2.4.2 - Cross-Site Scripting via Multiple Admin Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Dotclear before 2.4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) login_data parameter to admin/auth.php; (2) nb parameter to admin/blogs.php; (3) type, (4) sortby, (5) order, or (6) status parameters to admin/comments.php; or (7) page parameter to admin/plugin.php.
by High-Tech Bridge SA
CVE-2012-1039 EXPLOITDB html VERIFIED
Dotclear < 2.4.2 - Cross-Site Scripting via Multiple Admin Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Dotclear before 2.4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) login_data parameter to admin/auth.php; (2) nb parameter to admin/blogs.php; (3) type, (4) sortby, (5) order, or (6) status parameters to admin/comments.php; or (7) page parameter to admin/plugin.php.
by High-Tech Bridge SA
CVE-2012-1096 EXPLOITDB MEDIUM python VERIFIED
NetworkManager <0.9 - Privilege Escalation
NetworkManager 0.9 and earlier allows local users to use other users' certificates or private keys when making a connection via the file path when adding a new connection.
by Ludwig
CVSS 5.5
CVE-2012-1417 EXPLOITDB text
Yealink VOIP Phones - Authenticated Stored Cross-Site Scripting via User Field
Multiple cross-site scripting (XSS) vulnerabilities in Local Phone book and Blacklist form in Yealink VOIP Phones allow remote authenticated users to inject arbitrary web script or HTML via the user field to cgi-bin/ConfigManApp.com.
by Narendra Shinde
CVE-2012-1498 EXPLOITDB text
Nikola Posa Webfoliocms1.0.2 - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in Webfolio CMS 1.1.4 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add an administrator via an add action to admin/users/add or (2) modify a web page via a save action to admin/pages/edit/web_page_name.
by Ivano Binetti
CVE-2012-1188 EXPLOITDB text VERIFIED
Fork CMS < 3.2.7 - Cross-Site Scripting via Type, Querystring, or Name Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Fork CMS before 3.2.7 allow remote attackers to inject arbitrary web script or HTML via the (1) type or (2) querystring parameters to private/en/error or (3) name parameter to private/en/locale/index.
by anonymous
CVE-2012-1188 EXPLOITDB text VERIFIED
Fork CMS < 3.2.7 - Cross-Site Scripting via Type, Querystring, or Name Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Fork CMS before 3.2.7 allow remote attackers to inject arbitrary web script or HTML via the (1) type or (2) querystring parameters to private/en/error or (3) name parameter to private/en/locale/index.
by anonymous
CVE-2012-10060 EXPLOITDB CRITICAL python VERIFIED
Sysax Multi Server <5.55 - Buffer Overflow
Sysax Multi Server versions prior to 5.55 contain a stack-based buffer overflow in its SSH service. When a remote attacker supplies an overly long username during authentication, the server copies the input to a fixed-size stack buffer without proper bounds checking. This allows remote code execution under the context of the service.
by Craig Freyman
CVSS 9.8
EIP-2026-119199 EXPLOITDB python
Sysax Multi Server 5.53 - SFTP (Authenticated) (SEH)
by Craig Freyman
CVE-2011-2371 EXPLOITDB html
SeaMonkey through 2.0.14 - Remote Code Execution via Array.reduceRight Integer Overflow
Integer overflow in the Array.reduceRight method in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via vectors involving a long JavaScript Array object.
by pa_kt
EIP-2026-117918 EXPLOITDB text VERIFIED
Socusoft Photo 2 Video 8.05 - Local Buffer Overflow
by Vulnerability-Lab
CVE-2012-1782 EXPLOITDB text VERIFIED
OSQA 3b - Cross-Site Scripting via URL or Picture Bar
Multiple cross-site scripting (XSS) vulnerabilities in questions/ask in OSQA 3b allow remote attackers to inject arbitrary web script or HTML via the (1) url bar or (2) picture bar.
by Ucha Gobejishvili
EIP-2026-105583 EXPLOITDB text VERIFIED
Bontq - 'user/' URI Cross-Site Scripting
by sonyy
CVE-2012-4923 EXPLOITDB text VERIFIED
Endian Firewall 2.4 - Cross-Site Scripting via dnat.cgi createrule Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Endian Firewall 2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) createrule parameter to dnat.cgi, (2) addrule parameter to dansguardian.cgi, or (3) PATH_INFO to openvpn_users.cgi.
by Vulnerability Research Laboratory
CVE-2012-4923 EXPLOITDB text VERIFIED
Endian Firewall 2.4 - Cross-Site Scripting via dnat.cgi createrule Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Endian Firewall 2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) createrule parameter to dnat.cgi, (2) addrule parameter to dansguardian.cgi, or (3) PATH_INFO to openvpn_users.cgi.
by Vulnerability Research Laboratory
CVE-2012-4923 EXPLOITDB text VERIFIED
Endian Firewall 2.4 - Cross-Site Scripting via dnat.cgi createrule Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Endian Firewall 2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) createrule parameter to dnat.cgi, (2) addrule parameter to dansguardian.cgi, or (3) PATH_INFO to openvpn_users.cgi.
by Vulnerability Research Laboratory
CVE-2012-1787 EXPLOITDB text VERIFIED
Webglimpse < 2.20.0 - Cross-Site Scripting via URL FILE or DOMAIN Parameters
Multiple cross-site scripting (XSS) vulnerabilities in wgarcmin.cgi in Webglimpse 2.20.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) URL, (2) FILE, or (3) DOMAIN parameters.
by MustLive
CVE-2012-1784 EXPLOITDB text VERIFIED
myjoblist 0.1.3 - SQL Injection via eid Parameter
SQL injection vulnerability in MyJobList 0.1.3 allows remote attackers to execute arbitrary SQL commands via the eid parameter in a profile action to index.php.
by Red Security TEAM
CVE-2012-1297 EXPLOITDB text
Contao CMS < 2.11.0 - Cross-Site Request Forgery via User, News, or Newsletter Deletion
Multiple cross-site request forgery (CSRF) vulnerabilities in main.php in Contao (formerly TYPOlight) 2.11.0 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) delete users via a delete action in the user module, (2) delete news via a delete action in the news module, or (3) delete newsletters via a delete action in the newsletters module.
by Ivano Binetti
CVE-2011-0923 EXPLOITDB ruby VERIFIED
HP Data Protector - Remote Code Execution via EXEC_CMD Argument Injection
The client in HP Data Protector does not properly validate EXEC_CMD arguments, which allows remote attackers to execute arbitrary Perl code via a crafted command, related to the "local bin directory."
by Metasploit
CVE-2012-6533 EXPLOITDB text VERIFIED
Symantec PGP Desktop and Encryption Desktop - Local Privilege Escalation via Buffer Overflow in pgpwded.sys
Buffer overflow in pgpwded.sys in Symantec PGP Desktop 10.x and Encryption Desktop 10.3.0 before MP1 on Windows XP and Server 2003 allows local users to gain privileges via a crafted application.
by Nikita Tarakanov
CVE-2012-1783 EXPLOITDB python VERIFIED
Tiny Server <= 1.1.9 - Denial of Service via Long GET Request
Tiny Server 1.1.9 and earlier allows remote attackers to cause a denial of service (crash) via a long string in a GET request without an HTTP version number.
by localh0t
EIP-2026-114557 EXPLOITDB php VERIFIED
YVS Image Gallery - SQL Injection
by CorryL
CVE-2012-1790 EXPLOITDB text VERIFIED
webgrind 1.0 and 1.0.2 - Path Traversal via File Parameter
Absolute path traversal vulnerability in Webgrind 1.0 and 1.0.2 allows remote attackers to read arbitrary files via a full pathname in the file parameter to index.php.
by LiquidWorm
EIP-2026-106224 EXPLOITDB php
cPassMan 1.82 - Remote Command Execution
by ls