header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

Featurific For WordPress Plugin Cross-Site Scripting Vulnerability

Featurific For WordPress plugin for WordPress is prone to a cross-site-scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.

BBPortalS BBsProcesS Remote Blind SQL Injection Exploit

This exploit allows for remote blind SQL injection in BBPortalS and BBsProcesS scripts. The vulnerability can be found using the dork "inurl : tnews.php?op". The exploit has been tested on versions 1.5.10, 1.6.2, and 1.5.11. For version 2.0, the field names are 'user' and 'password', but the table name needs to be discovered separately. The exploit uses Perl and the LWP::UserAgent module.

WordPress Plugin WP24 Domain Check 1.6.2 – ‘fieldnameDomain’ Stored Cross Site Scripting

The 'fieldnameDomain' parameter in the WP24 Domain Check plugin for WordPress version 1.6.2 is vulnerable to stored cross-site scripting (XSS) attacks. An attacker can inject malicious JavaScript code into the 'fieldnameDomain' field, which will be executed when the field is focused. This can lead to session hijacking, cookie theft, and other malicious activities.

Spybot Search & Destroy 1.6.2 Security Center Service Privilege Escalation

The application suffers from an unquoted search path issue impacting the service 'SBSDWSCService' for Windows deployed as part of Spybot S&D. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. A successful attempt would require the local user to be able to insert their code in the system root path undetected by the OS or other security applications where it could potentially be executed during application startup or reboot. If successful, the local user’s code would execute with the elevated privileges of the application.

MyNews Cross-Site Scripting Vulnerabilities

MyNews is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Recent Exploits: