header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

Show More

Anchor CMS 0.12.7 – Stored Cross Site Scripting (XSS)

Anchor CMS 0.12.7 is vulnerable to stored cross-site scripting (XSS) attacks. By injecting a malicious script into the post creation fields, an attacker can execute arbitrary scripts in the context of an authenticated user, leading to potential data theft or unauthorized actions. This vulnerability has a CVE identifier pending assignment.

6.1
CVSS
HIGH
Stored Cross Site Scripting (XSS)
79
CWE
Product Name
Anchor CMS
Platforms Tested
MacOS
Affected Version
From:
2000.12.7
To:
latest
2024
Show More

Backdrop CMS 1.27.1 – Authenticated Remote Command Execution (RCE)

The Backdrop CMS version 1.27.1 is vulnerable to authenticated remote command execution. An attacker can exploit this vulnerability to execute arbitrary commands on the target system. This could lead to unauthorized access, data theft, and further compromise of the system. This exploit was authored by Ahmet Ümit BAYRAM.

6.1
CVSS
HIGH
Remote Command Execution (RCE)
78
CWE
Product Name
Backdrop
Platforms Tested
MacOS
Affected Version
From:
1.27.1
To:
1.27.1
2024
Show More

Dotclear 2.29 – Remote Code Execution (RCE)

The Dotclear version 2.29 is vulnerable to remote code execution (RCE) due to improper input validation. An attacker can exploit this vulnerability to upload and execute malicious scripts on the server, leading to unauthorized access and control over the system. This vulnerability has been discovered by Ahmet Ümit BAYRAM on 26.04.2024.

8.1
CVSS
CRITICAL
Remote Code Execution (RCE)
434
CWE
Product Name
Dotclear
Platforms Tested
MacOS
Affected Version
From:
2.29
To:
2.29
2024
Show More

CMSimple 5.15 – Remote Command Execution

The vulnerability allows an attacker to execute arbitrary commands on the target system by uploading a malicious PHP file. By appending ",php" to the end of the Extensions_userfiles field in the CMS Settings, an attacker can upload a shell.php file via the Media section and access it remotely.

6.1
CVSS
HIGH
Remote Command Execution
78
CWE
Product Name
CMSimple
Platforms Tested
MacOS
Affected Version
From:
5.15
To:
5.15
2024

Recent Exploits:

RDPGuard 9.9.9 – Privilege Escalation

author
Ahmet Ümit BAYRAM
vendor
RDPGuard
severity
6.1
HIGH

YesWiki Unauthenticated Path Traversal

author
Al Baradi Joy
vendor
YesWiki
severity
7.1
HIGH

ABB Cylon Aspect 3.08.02 Stored Cross-Site Scripting Vulnerability

author
Gjoko 'LiquidWorm' Krstic
vendor
ABB Ltd.
severity
6.1
HIGH

Apache ActiveMQ 6.1.6 – Denial of Service (DOS)

author
Abdualhadi khalifa
vendor
Apache
severity
6.1
HIGH

GeoVision GV-ASManager 6.1.1.0 – CSRF

author
Giorgi Dograshvili [DRAGOWN]
vendor
GeoVision
severity
6.1
HIGH

ABB Cylon FLXeon 9.3.4 WebSocket Command Spawning Vulnerability

author
Zero Science Lab
vendor
ABB Ltd.
severity
6.1
HIGH

GestioIP 3.5.7 – Stored Cross-Site Scripting Vulnerability

author
m4xth0r (Maximiliano Belino)
vendor
GestioIP
severity
6.1
HIGH

Cacti 1.2.26 – Remote Code Execution (RCE) (Authenticated)

author
D3Ext
vendor
Cacti
severity
6.1
HIGH

Exclusive Addons for Elementor ≤ 2.6.9 – Authenticated Stored Cross-Site Scripting (XSS)

author
Al Baradi Joy
vendor
exclusiveaddons
severity
5.1
MEDIUM

Kentico Xperience 13.0.178 – Cross Site Scripting (XSS)

author
Alex Messham
vendor
Kentico
severity
6.1
HIGH

Navigation

Suggest Exploit

Services By CQR