Exploits - exploit.company

explore-vulnerabilities

Explore Vulnerabilities

Explore all Exploits:

Abdualhadi khalifa

Show More

CrushFTP Directory Traversal

The CrushFTP server version below 10.7.1 and 11.1.0, including legacy 9.x, is vulnerable to directory traversal. An attacker can exploit this vulnerability to access sensitive files on the server by manipulating the file path in the URL.

Directory Traversal

Platforms Tested

Affected Version

Show More

Multiple CSRF & Cross-Site Scripting (XSS) vulnerabilities in Crushftp 7.2.0

Multiple CSRF & Cross-Site Scripting (XSS) vulnerabilities have been identified in Crushftp 7.2.0 (Web Interface) on default configuration. These vulnerabilities allows an attacker to gain control over valid user accounts, perform operations on their behalf, redirect them to malicious sites, steal their credentials, and more.

Platforms Tested

Windows, Linux, Mac

Affected Version

Recent Exploits:

RDPGuard 9.9.9 – Privilege Escalation

author

Ahmet Ümit BAYRAM

vendor

severity

YesWiki Unauthenticated Path Traversal

author

vendor

severity

ABB Cylon Aspect 3.08.02 Stored Cross-Site Scripting Vulnerability

author

Gjoko 'LiquidWorm' Krstic

vendor

severity

Apache ActiveMQ 6.1.6 – Denial of Service (DOS)

author

Abdualhadi khalifa

vendor

severity

GeoVision GV-ASManager 6.1.1.0 – CSRF

author

Giorgi Dograshvili [DRAGOWN]

vendor

severity

ABB Cylon FLXeon 9.3.4 WebSocket Command Spawning Vulnerability

author

Zero Science Lab

vendor

severity

GestioIP 3.5.7 – Stored Cross-Site Scripting Vulnerability

author

m4xth0r (Maximiliano Belino)

vendor

severity

Cacti 1.2.26 – Remote Code Execution (RCE) (Authenticated)

author

vendor

severity

Exclusive Addons for Elementor ≤ 2.6.9 – Authenticated Stored Cross-Site Scripting (XSS)

author

vendor

exclusiveaddons

severity

Kentico Xperience 13.0.178 – Cross Site Scripting (XSS)

author

vendor

severity