
Explore Vulnerabilities


Explore all Exploits:

Shuttle-Booking-Software v1.0 – Multiple-SQLi

The location_id parameter in Shuttle-Booking-Software v1.0 is vulnerable to SQL injection attacks. By submitting a single quote or two single quotes in the location_id parameter, an attacker can trigger a database error message or retrieve information from the database.

Online ID Generator 1.0 – Remote Code Execution (RCE)

The Online ID Generator 1.0 is vulnerable to remote code execution. It allows an attacker to bypass login using SQL injection and upload a malicious shell to execute arbitrary code on the server. By accessing the uploaded shell via a remote browser, the attacker can achieve remote code execution.

Cross-Site Request Forgery (CSRF) in TestLink: CVE-2012-2275

The application allows authorized users to perform certain actions via HTTP requests without properly verifying the source of those requests. This can be exploited to add, delete or modify sensitive information, for example to change the administrator's email. To exploit this vulnerability, an attacker must get a logged-in administrator to open a malicious link in the browser.

Cross-Site Request Forgery (CSRF) in XCloner Standalone

The vulnerability exists due to insufficient validation of HTTP request origin. A remote attacker can trick a logged-in administrator into visiting a specially crafted webpage and change the administrator's password or execute arbitrary system commands on the vulnerable system with the privileges of the webserver.

'Pointter PHP Micro-Blogging Social Network' Unauthorized Privilege Escalation (CVE-2010-4333)

A vulnerability exists in the authentication system of 'Pointter PHP Micro-Blogging Social Network' that allows administrative privileges to be obtained by crafting two specific cookies with arbitrary values.

'WSN Links' SQL Injection Vulnerability (CVE-2010-4006)

A vulnerability exists in the search.php code that allows for SQL injection of various parameters. By assembling portions of SQL code between the affected parameters, successful SQL injection into the software can occur. In the testing done, various 'UNION SELECT' SQL injections can occur.

Recent Exploits: