header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

JiRo? FAQ Manager v1.0 (index.asp) Remote SQL Injection Vulnerability

The vulnerability exists due to insufficient sanitization of user-supplied input passed via the 'tID' parameter to '/index.asp' script. A remote attacker can send a specially crafted request to the vulnerable script and execute arbitrary SQL commands in application's database, cause denial of service, access or modify sensitive data, exploit latent vulnerabilities in the underlying database and compromise the system.

?IXForum 1.12 <= "RepId" Remote SQL Injection

A remote SQL injection vulnerability exists in ?IXForum 1.12. An attacker can exploit this vulnerability to gain access to the admin panel of the application. The attacker can use the ?epId?parameter in the ?eplyNew.asp?page to inject malicious SQL code and gain access to the admin panel.

Mulesoft ESB Runtime 3.5.1 Authenticated Privilege Escalation ? Remote Code Execution

Mulesoft ESB Runtime 3.5.1 allows any arbitrary authenticated user to create an administrator user due to a lack of permissions check in the handler/securityService.rpc endpoint. The following HTTP request can be made by any authenticated user, even those with a single role of Monitor. This request will create an administrator with all roles with a username of notadmin and a password of notpassword. Many vectors of remote code execution are available to an administrator. Not only can an administrator deploy WAR applications, they can also evaluate arbitrary groovy scripts via the web interface.

The Finger Server’ Remote Command Execution

The Finger Server is a perl script for providing .plan-like functionality through a website. Due to insufficient input checking, it is possible for remote unauthenticated users to execute shell commands on the server which will run with the privileges of the webserver. A request like: http://target/finger.cgi?action=archives&cmd=specific&filename=99.10.28.15.23.username.|<shell command>| will cause the server to execute whatever command is specified.

Barracuda Arbitrary File Disclosure + Command Execution

The Barracuda Spam Firewall version 3.3.01.001 to 3.3.03.053 is affected by an arbitrary file disclosure and command execution vulnerability. An attacker can exploit this vulnerability to disclose sensitive information and execute arbitrary commands on the affected device.

SQL Injection Vulnerability in Issue Trak <= 7.0 (Possibly applicable up to version 9.7)

A SQL injection vulnerability was discovered in Issue Trak versions <= 7.0, and is possibly applicable up to version 9.7. The vulnerable endpoint is www.example.com/IssueTrak/IssueSearch_Process.asp, and the vulnerable parameters are Status, Priority, inp_IssueType, SubmittedBy, EnteredBy, AssignedTo, AssignedBy, NextActionBy, ClosedBy, ProjectManager, and inp_OrgID. An attacker can exploit this vulnerability by sending a malicious HTTP request containing a SQL injection payload. The SQLMap and NoSQLMap commands can be used to exploit this vulnerability.

Lyrist – Music Lyrics Script – SQL Injection

Lyrist - Music Lyrics Script is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this vulnerability to manipulate SQL queries by injecting arbitrary SQL code. This may allow the attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.

Ingenious School Management System – SQL Injection

Ingenious School Management System is vulnerable to SQL Injection. An attacker can exploit this vulnerability by sending a malicious SQL query to the vulnerable parameter 'id' in the 'get_teacher.php' page. This can allow the attacker to gain access to the database and execute arbitrary commands.

PDOSessionHandler Denial of Service

The PDOSessionHandler class allows to store sessions on a PDO connection. Under some configurations (see below) and with a well-crafted payload, it was possible to do a denial of service on a Symfony application without too much resources. An application is vulnerable when it is using PDOSessionHandler to store its sessions, it uses MySQL as a backend for sessions managed by PDOSessionHandler, and the SQL mode does not contain STRICT_ALL_TABLES or STRICT_TRANS_TABLES (check via SELECT @@sql_mode).

Recent Exploits: