Explore Vulnerabilities

Explore all Exploits:

reNgine 2.2.0 – Command Injection (Authenticated)

reNgine version 2.2.0 is vulnerable to authenticated command injection. By modifying the nmap_cmd parameters in the YAML configuration, an attacker can inject malicious commands. This can lead to unauthorized remote code execution with the privileges of the application. This exploit allows an authenticated user to execute arbitrary commands on the underlying system.

YNP Portal System 2.2.0 Remote File Disclosure Vulnerability

The YNP Portal System version 2.2.0 is vulnerable to remote file disclosure. This allows an attacker to access sensitive files on the server by exploiting the 'showpage.cgi' script. By manipulating the 'p' parameter in the URL, an attacker can disclose files outside the web root directory, such as the '/etc/passwd' file.

Hasura GraphQL 2.2.0 – Information Disclosure

An information disclosure vulnerability exists in Hasura GraphQL Community 2.2.0. An attacker can send a specially crafted request to the server to leak environment variables. The attacker can send a POST request to the '/v1/metadata' endpoint with a specially crafted payload containing an environment variable key to leak. This can lead to the disclosure of sensitive information.

Redaxscript CMS 2.2.0 – SQL Injection vulnerability

A SQL Injection vulnerability exists in Redaxscript CMS 2.2.0. The vulnerable parameter is the 'search_terms' parameter in the 'search_post()' function of the 'redaxscript/includes/search.php' file. An attacker can send a maliciously crafted POST request to the vulnerable application to execute arbitrary SQL commands in the back-end database.

PivotX Cross-Site Scripting Vulnerabilities

PivotX is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

Apache James Remote Denial-of-Service Vulnerability

Apache James is prone to a remote denial-of-service vulnerability. This issue is due to the application's failure to efficiently handle malformed SMTP commands. This issue allows remote attackers to consume excessive CPU resources of affected computers, potentially denying service to legitimate users.

Zingiri Web Shop WordPress plugin RFI

The Zingiri Web Shop WordPress plugin is vulnerable to a Remote File Inclusion (RFI) vulnerability. This vulnerability allows an attacker to include a remote file, usually through a malicious URL, and execute it on the vulnerable server. The vulnerable code is located in the init.inc.php file, which is used to initialize the plugin. The code is vulnerable to RFI because it does not properly validate user-supplied input, allowing an attacker to include a malicious file from a remote server.

SQL Injection in Seo Panel

The vulnerability exists because the "/websites.php" script fails to properly sanitize user-supplied input in the "url" variable. An attacker can alter queries to the application SQL database, execute arbitrary queries to the database, compromise the application, access or modify sensitive data, or exploit various vulnerabilities in the underlying SQL database.

Seo Panel Cookie-Rendered Persistent XSS Vulnerability (CVE-2010-4331)

A vulnerability exists in 'Seo Panel' page rendering which allows for unfiltered, unencrypted content to be presented to a user through two different cookies. Alter the value of cookies called 'default_news' or 'sponsors' and then view a site page which includes controllers/index.ctrl.php or controllers/settings.ctrl.php that will render the cookies as they exist on the user's machine.
