header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

Sitefinity 15.0 – Cross-Site Scripting (XSS)

A Cross-Site Scripting (XSS) vulnerability was found in Sitefinity CMS versions prior to 15.0.0. The vulnerability exists in all features using SF-Editor in the backend of the CMS. An attacker with lower privileges can insert malicious XSS payloads in the content form, which will be executed when a user with higher privileges, the victim, views the affected page.

Apache OFBiz 18.12.12 – Directory Traversal

Apache OFBiz version 18.12.12 and below is vulnerable to directory traversal. An attacker can exploit this vulnerability by sending a crafted XML request to the '/webtools/control/xmlrpc' endpoint, allowing them to access files outside of the web root directory, such as sensitive system files like '/etc/passwd' or executing commands on the server.

Blood Bank v1.0 Stored Cross Site Scripting (XSS)

The 'rename', 'remail', 'rphone', and 'rcity' parameters in the 'updateprofile.php' file of Code-Projects Blood Bank V1.0 are vulnerable to Stored Cross-Site Scripting (XSS) due to lack of proper input validation. An attacker can inject malicious scripts into these parameters, and when stored on the server, these scripts may get executed when viewed by other users.

Quick.CMS 6.7 SQL Injection Login Bypass

The exploit allows an attacker to bypass authentication in Quick.CMS 6.7 by using a specific SQL injection payload. By entering the payload ' or '1'='1 in the email field and proceeding with the login, the attacker can successfully bypass the authentication and gain unauthorized access to the admin panel.

WinRAR version 6.22 Vulnerability CVE-2023-38831

The exploit involves creating a malicious zip file using the WinRAR software. By crafting a specially designed zip file, an attacker can execute arbitrary code on the target system, potentially leading to remote code execution. This vulnerability has been assigned CVE-2023-38831.

KiTTY 0.76.1.13 – ‘Start Duplicated Session Hostname’ Buffer Overflow

The KiTTY version 0.76.1.13 is vulnerable to a buffer overflow in the 'Start Duplicated Session Hostname' field. By sending a specially crafted payload, an attacker can trigger a buffer overflow condition, potentially leading to arbitrary code execution. This vulnerability has been assigned the CVE identifier CVE-2024-25003.

Simple Task List 1.0 – ‘status’ SQL Injection

Simple Task List version 1.0 is vulnerable to SQL Injection in the 'status' parameter of the addTask.php file. An attacker can exploit this vulnerability to execute malicious SQL queries, potentially leading to unauthorized access and extraction of sensitive data from the database.

Recent Exploits: