Suggest Exploit

Explore Vulnerabilities


Explore all Exploits:

XOOPS Local File Include Vulnerabilities

XOOPS is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these vulnerabilities to obtain potentially sensitive information and to execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.

Cross-site scripting vulnerabilities in XOOPS

The XOOPS application fails to properly sanitize user-supplied input, leading to multiple cross-site scripting vulnerabilities. An attacker can exploit these vulnerabilities to execute arbitrary script code in the context of the affected site, potentially stealing authentication credentials and launching further attacks.

MolyX BOARD 2.5.0 Local File Inclusion

This vulnerability allows an attacker to include local files on the server by manipulating the 'lang' parameter in the 'index.php' file. By using a relative path traversal technique, an attacker can access sensitive files such as the '/etc/passwd' file. This vulnerability affects all files within the MolyX BOARD 2.5.0 web application.

AnyDesk 2.5.0 Unquoted Service Path Elevation of Privilege

The Anydesk installs as a service with an unquoted service path running with SYSTEM privileges. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system.

GoAhead Web server HTTP Header Injection

A Host Header Injection vulnerability may allow an attacker to spoof a particular Host header, allowing the attacker to render arbitrary links that point to a malicious website with poisoned Host header webpages. An issue was discovered in GoAhead web server version 2.5.0 (may be affected on other versions too). The values of the 'Host' headers are implicitly set as trusted while this should be forbidden, leading to potential host header injection attack and also the affected hosts can be used for domain fronting. This means affected hosts can be used by attackers to hide behind during various other attack. PS: Affected on most of embedded webservers on hardware such as switches, routers, IOT and IP cameras.

Super Multimedia Library 2.5.0 XSRF Vulnerability (Add Admin)

A Cross-Site Request Forgery (XSRF) vulnerability exists in Super Multimedia Library 2.5.0, which allows an attacker to add an admin user to the system. An attacker can craft a malicious HTML form and submit it to the vulnerable application, which will add the specified user to the system without any authentication.

Tandis CMS Multiple SQL Injection Vulnerabilities

Tandis CMS is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Recent Exploits: