header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

coppermine-gallery 1.6.25 RCE

The coppermine-gallery version 1.6.25 is vulnerable to Remote Code Execution (RCE) attack. By uploading a specially crafted zip file containing a PHP file with malicious code, an attacker can execute arbitrary commands on the server. This can lead to unauthorized access, data leakage, and potential compromise of the entire system.

Limo Booking Software v1.0 – CORS

The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request that allows access from any domain. The application allowed access from the requested origin http://wioydcbiourl.com. Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks. The attacker can get some of the software resources of the victim without the victim knowing this.

Atcom 2.7.x.x – Authenticated Command Injection

The Atcom 2.7.x.x version is vulnerable to an authenticated command injection vulnerability. By sending a specially crafted request to the web_cgi_main.cgi script, an attacker can inject arbitrary commands into the system. This can lead to remote code execution and unauthorized access to the target system.

Ruijie Reyee Wireless Router firmware version B11P204 – MITM Remote Code Execution (RCE)

The Ruijie Reyee Cloud Web Controller allows the user to use a diagnostic tool which includes a ping check to ensure connection to the intended network, but the ip address input form is not validated properly and allows the user to perform OS command injection. In other side, Ruijie Reyee Cloud based Device will make polling request to Ruijie Reyee CWMP server to ask if there's any command from web controller need to be executed. After analyze the network capture that come from the device, the connection for pooling request to Ruijie Reyee CWMP server is unencrypted HTTP request. Because of unencrypted HTTP request that come from Ruijie Reyee Cloud based Device, attacker could make fake server using Man-in-The-Middle (MiTM) attack and send arbitrary commands to execute on the cloud based device that make CWMP request to fake server. Once the attacker have gained access, they can execute arbitrary commands on the system or application, potentially compromising sensitive data, installing malware, or taking control of the system.

Media Library Assistant WordPress Plugin – RCE and LFI

Media Library Assistant Wordpress Plugin in version < 3.10 is affected by an unauthenticated remote reference to Imagick() conversion which allows attacker to perform LFI and RCE depending on the Imagick configuration on the remote server. The affected page is: wp-content/plugins/media-library-assistant/includes/mla-stream-image.php

WordPress Sonaar Music Plugin 4.7 – Stored XSS

This exploit allows an attacker to execute arbitrary JavaScript code on the target Wordpress website. By adding a malicious payload in the comment section of a published playlist, the attacker can trigger the XSS vulnerability and potentially perform actions on behalf of the user.

Recent Exploits: