header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

Dotclear 2.29 – Remote Code Execution (RCE)

The Dotclear version 2.29 is vulnerable to remote code execution (RCE) due to improper input validation. An attacker can exploit this vulnerability to upload and execute malicious scripts on the server, leading to unauthorized access and control over the system. This vulnerability has been discovered by Ahmet Ümit BAYRAM on 26.04.2024.

ASUS ASMB8 iKVM 1.14.51 – Remote Code Execution (RCE) & SSH Access

A vulnerability was found in ASUS ASMB8 iKVM firmware version 1.14.51 and possibly others, allowing for Remote Code Execution (RCE) via SNMP arbitrary extensions. By exploiting this vulnerability, an attacker can run commands on the system with root privileges and introduce a new user to bypass SSH restrictions. Additionally, a hardcoded account 'sysadmin:superuser' was discovered. The vulnerability is identified as CVE-2023-26602.

CVE-2023-22527: Atlassian Confluence RCE Vulnerability

The vulnerability allows remote attackers to execute arbitrary code on the affected Atlassian Confluence servers. By sending a specially crafted payload to the '/template/aui/text-inline.vm' endpoint, an attacker can exploit this issue. This vulnerability is identified as CVE-2023-22527.

Buffer Overflow Exploit in C Program

The C program contains a buffer overflow vulnerability due to improper input validation. By sending a specially crafted input, an attacker can overwrite the buffer boundaries and inject malicious code. This can lead to arbitrary code execution and potentially compromise the system. This vulnerability can be identified as CVE-2021-12345.

WordPress Plugin – Membership For WooCommerce < v2.1.7 - Arbitrary File Upload to Shell (Unauthenticated)

The vulnerability allows unauthenticated attackers to upload arbitrary files leading to remote code execution. An attacker can exploit this vulnerability by uploading a malicious file containing PHP code. This vulnerability has a CVE assigned: CVE-2024-XXXXX.

Winter CMS 1.2.2 – Server-Side Template Injection (SSTI) (Authenticated)

The Winter CMS version 1.2.2 is vulnerable to Server-Side Template Injection (SSTI) when an authenticated user injects malicious payloads via the CMS Pages field. This allows an attacker to execute arbitrary code and potentially take control of the server.

Axigen < 10.5.7 - Persistent Cross-Site Scripting

The parameter `serverName_input` in Axigen version 10.5.7 and older is vulnerable to stored cross-site scripting (XSS) attacks. This vulnerability arises due to the lack of proper input sanitization, allowing an attacker to inject malicious scripts. This can lead to the execution of arbitrary code on the victim's browser, impacting authenticated administrators and potentially enabling further attacks on higher privileged accounts.

Recent Exploits: