Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
CVE-2012-1305 EXPLOITDB text
Fork CMS 3.2.5 - Multiple Vulnerabilities
by Ivano Binetti
CVE-2012-1208 EXPLOITDB text
Fork CMS 3.2.4 - Cross-Site Scripting via Report or Error Parameter
Multiple cross-site scripting (XSS) vulnerabilities in backend/core/engine/base.php in Fork CMS 3.2.4 and possibly other versions before 3.2.5 allow remote attackers to inject arbitrary web script or HTML via the (1) report parameter to blog/settings or (2) error parameter to users/index.
by Ivano Binetti
CVE-2012-0873 EXPLOITDB text VERIFIED
Boonex Dolphin < 7.0.8 - Cross-Site Scripting via Explanation or ViewFriends Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Boonex Dolphin before 7.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) explain parameter to explanation.php or the (2) photos_only, (3) online_only, or (4) mode parameters to viewFriends.php.
by Aung Khant
CVE-2012-0873 EXPLOITDB text VERIFIED
Boonex Dolphin < 7.0.8 - Cross-Site Scripting via Explanation or ViewFriends Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Boonex Dolphin before 7.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) explain parameter to explanation.php or the (2) photos_only, (3) online_only, or (4) mode parameters to viewFriends.php.
by Aung Khant
EIP-2026-106227 EXPLOITDB text VERIFIED
CPG Dragonfly CMS 9.3.3.0 - Multiple Multiple Cross-Site Scripting Vulnerabilities
by Ariko-Security
CVE-2012-5322 EXPLOITDB text VERIFIED
Xavi X7968 - Stored Cross-Site Scripting via pvcName or host_name_txtbox Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Xavi X7968 allow remote attackers to inject arbitrary web script or HTML via the (1) pvcName parameter to webconfig/wan/confirm.html/confirm or (2) host_name_txtbox parameter to webconfig/lan/lan_config.html/local_lan_config.
by Busindre
EIP-2026-101590 EXPLOITDB text
Cisco Linksys WAG54GS - Cross-Site Request Forgery (Change Admin Password)
by Ivano Binetti
CVE-2012-5323 EXPLOITDB text VERIFIED
Xavi X7968 - Cross-Site Request Forgery via Password Change Form
Cross-site request forgery (CSRF) vulnerability in webconfig/admin_passwd/passwd.html/admin_passwd in Xavi X7968 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via the sysUserName, sysPassword, and sysCfmPwd parameters.
by Busindre
CVE-2012-5322 EXPLOITDB text VERIFIED
Xavi X7968 - Stored Cross-Site Scripting via pvcName or host_name_txtbox Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Xavi X7968 allow remote attackers to inject arbitrary web script or HTML via the (1) pvcName parameter to webconfig/wan/confirm.html/confirm or (2) host_name_txtbox parameter to webconfig/lan/lan_config.html/local_lan_config.
by Busindre
CVE-2012-4999 EXPLOITDB perl VERIFIED
Mercury MR804 Router <8.0.3.8.1 Build - DoS
Mercury MR804 Router 8.0 3.8.1 Build 101220 Rel.53006nB allows remote attackers to cause a denial of service (service hang) via a crafted string in HTTP header fields such as (1) If-Modified-Since, (2) If-None-Match, or (3) If-Unmodified-Since. NOTE: some of these details are obtained from third party information.
by demonalex
CVE-2009-4656 EXPLOITDB ruby
E-Soft DJ Studio Pro <5.1.4.3.1 - Buffer Overflow
Stack-based buffer overflow in E-Soft DJ Studio Pro 4.2 including 4.2.2.7.5, and 5.x including 5.1.4.3.1, allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a playlist file (.pls) containing a long string. NOTE: some of these details are obtained from third party information.
by Death-Shadow-Dark
EIP-2026-116894 EXPLOITDB python VERIFIED
Blade API Monitor - Unicode Bypass Serial Number Buffer Overflow
by b33f
EIP-2026-113151 EXPLOITDB text VERIFIED
VOXTRONIC Voxlog Professional 3.7.x - 'userlogdetail.php?idclient' SQL Injection
by J. Greil
EIP-2026-113150 EXPLOITDB text VERIFIED
VOXTRONIC Voxlog Professional 3.7.x - 'get.php?v' Arbitrary File Access
by J. Greil
EIP-2026-112604 EXPLOITDB text VERIFIED
TestLink - Multiple SQL Injections
by Juan M. Natal
CVE-2012-1414 EXPLOITDB html
Plume CMS < 1.2.4 - Cross-Site Request Forgery via News Page Creation
Cross-site request forgery (CSRF) vulnerability in manager/news.php in Plume CMS 1.2.4 and earlier allows remote attackers to hijack the authentication of administrators for requests that create News pages via a publish action.
by Ivano Binetti
EIP-2026-108776 EXPLOITDB text VERIFIED
Joomla! Component Machine - Multiple SQL Injections
by the_cyber_nuxbie
CVE-2012-0869 EXPLOITDB text VERIFIED
Frams' Fast File EXchange <20120215 - XSS
Cross-site scripting (XSS) vulnerability in fup in Frams' Fast File EXchange (F*EX, aka fex) before 20120215 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
by muuratsalo
CVE-2012-1308 EXPLOITDB text
D-Link DSL-2640B Firmware EU_4.00 - Cross-Site Request Forgery via sysPassword Parameter
Cross-site request forgery (CSRF) vulnerability in redpass.cgi in D-Link DSL-2640B Firmware EU_4.00 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via the sysPassword parameter.
by Ivano Binetti
CVE-2012-1203 EXPLOITDB html
SyndeoCMS < 3.0.00 - Cross-Site Request Forgery via User Account Creation
Cross-site request forgery (CSRF) vulnerability in starnet/index.php in SyndeoCMS 3.0 and earlier allows remote attackers to hijack the authentication of administrators for requests that add user accounts via a save_user action.
by Ivano Binetti
EIP-2026-104852 EXPLOITDB text
4PSA CMS - SQL Injection
by BHG Security Center
CVE-2012-5321 EXPLOITDB text VERIFIED
TikiWiki CMS/Groupware 8.3 - Frame Injection via URL Parameter
tiki-featured_link.php in TikiWiki CMS/Groupware 8.3 allows remote attackers to load arbitrary web site pages into frames and conduct phishing attacks via the url parameter, aka "frame injection."
by sonyy
EIP-2026-108605 EXPLOITDB text VERIFIED
Joomla! Component com_xvs - 'Controller' Local File Inclusion
by KedAns-Dz
EIP-2026-108599 EXPLOITDB text VERIFIED
Joomla! Component com_xcomp - Local File Inclusion
by KedAns-Dz
EIP-2026-108596 EXPLOITDB text VERIFIED
Joomla! Component com_x-shop - 'idd' SQL Injection
by KedAns-Dz