header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

IFSC Code Finder Project 1.0 – SQL injection (Unauthenticated)

IFSC Code Finder Project 1.0 is vulnerable to unauthenticated SQL injection. An attacker can send a specially crafted request to the application to inject malicious SQL queries into the application. By sending a specially crafted request to the application, an attacker can inject malicious SQL queries into the application and retrieve all databases using sqlmap command.

Simple Online College Entrance Exam System 1.0 – SQLi Authentication Bypass

Simple Online College Entrance Exam System v1.0 Login page can be bypassed with a simple SQLi to the username parameter. Steps To Reproduce: 1 - Go to the login page http://localhost/entrance_exam/admin/login.php 2 - Enter the payload to username field as "admin' or '1'='1" without double-quotes and type anything to password field. 3 - Click on "Login" button and you are logged in as administrator.

Online Traffic Offense Management System 1.0 – Multiple XSS (Unauthenticated)

The entire application is susceptible to Stored XSS vulnerabilities, with examples of pages and parameters being http://localhost/traffic_offense/admin/?page=user, http://localhost/traffic_offense/classes/Master.php?f=save_offense_record, http://localhost/traffic_offense/admin/?page, http://localhost/traffic_offense/classes/Login.php, http://localhost/traffic_offense/*/&id=1, http://localhost/traffic_offense/classes/Master.php, http://localhost/traffic_offense/classes/Users.php. An attacker can upload SVG files with malicious JavaScript code to all places in the web application, as well as add evil code from admin, regular user, and unauthenticated accounts.

Online Traffic Offense Management System 1.0 – Multiple SQL Injection (Unauthenticated)

All requests can be sent by both an authenticated and a non-authenticated user. Example vulnerable pages and parameters include http://localhost/traffic_offense/classes/Users.php with parameters id, firstname, lastname, username; http://localhost/traffic_offense/classes/Login.php with parameters username, password; http://localhost/traffic_offense/*/&id=1 with parameter id; http://localhost/traffic_offense/classes/Master.php with parameters id, date_created, ticket_no, status, offense_id, fine, code, name. An example of a login request that generates a SQL injection error is provided.

Online DJ Booking Management System 1.0 – ‘Multiple’ Blind Cross-Site Scripting

Online DJ Booking Management System 1.0 is vulnerable to Blind Cross-Site Scripting. An attacker can inject malicious JavaScript code into the 'name', 'vaddress' and 'addinfo' parameters of the 'book-services.php' page. When an admin visits the 'view-booking-detail.php' page to approve the booking, the payload will fire and the attacker will be able to steal the admin's cookies.

Roxy WI v6.1.0.0 – Improper Authentication Control

Roxy WI is vulnerable to unauthenticated remote code execution due to improper authentication control. An attacker can send a malicious POST request to the vulnerable application to execute arbitrary code on the server. This vulnerability affects Roxy WI versions <= v6.1.0.0.

sleuthkit 4.11.1 – Command Injection

OS Command injection vulnerability in sleuthkit fls tool 4.11.1 allows attackers to execute arbitrary commands via a crafted value to the m parameter when it run on linux, a user can insert in the -m parameter a buffer with backtick with a shell command. If it run with a web application as front end it can execute commands on the remote server. The function affected by the vulnerability is "tsk_fs_fls()" from the "fls_lib.c" file.

Grand Theft Auto III/Vice City Skin File v1.1 – Buffer Overflow

Grand Theft Auto III/Vice City Skin File v1.1 is vulnerable to a buffer overflow attack. This attack can be triggered by running a malicious python script to generate an 'evil.bmp' file, which is then copied to the game's skins folder. When the game is launched and the user navigates to Options > Player Setup and chooses the 'evil' skin, a buffer overflow occurs and calc.exe pops up.

Recent Exploits: