Explore Vulnerabilities

Explore all Exploits:

Moodle Authenticated Time-Based Blind SQL Injection – “sort” Parameter

The exploit targets a time-based blind SQL injection vulnerability in Moodle's 'sort' parameter. By manipulating this parameter, an attacker can extract sensitive information from the database. The vulnerability has been assigned CVE-2021-36393.

Positron Broadcast Signal Processor TRA7005 v1.20 – Authentication Bypass

The Positron Broadcast Digital Signal Processor TRA7005 is vulnerable to an authentication bypass that allows attackers to gain unauthorized access to protected areas of the application by manipulating the password management functionality. By exploiting this vulnerability, attackers can bypass Digest authentication, set a user's password to any value, or even remove it completely.

NAGIOS XI SQL Injection

The exploit allows an attacker to bypass authentication and gain access to the Nagios XI application by manipulating SQL queries. This vulnerability has been assigned CVE-2024-24401. By exploiting it, an attacker can obtain sensitive information, modify data, or perform unauthorized actions.

LeptonCMS 7.0.0 – Remote Code Execution (RCE) (Authenticated)

By uploading a malicious PHP file in the Languages section of LeptonCMS 7.0.0, an authenticated attacker can execute arbitrary code on the server. This can lead to unauthorized access, data theft, or further compromise of the system. This vulnerability has not been assigned a CVE at the time of writing.

Craft CMS unauthenticated Remote Code Execution (RCE)

Craft CMS 4.0.0-RC1 through 4.4.14 allows unauthenticated remote attackers to execute arbitrary code via a crafted request. An attacker can leverage this vulnerability to extract sensitive information and potentially take control of the affected system. This vulnerability has been assigned CVE-2023-41892.

Recent Exploits: