header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

H2O-CMS <= 3.4 Remote Command Execution Exploit (mq = Off)

This exploit allows an attacker to execute arbitrary commands on the vulnerable system. It is done by sending a maliciously crafted HTTP request to the vulnerable server. The exploit is triggered when the vulnerable server processes the maliciously crafted request and executes the arbitrary commands.

ThemeSiteScript v1.0 Remote File Inclusion Vulnerability

ThemeSiteScript v1.0 is vulnerable to a Remote File Inclusion vulnerability. This vulnerability allows an attacker to include a remote file, usually through a malicious URL, and execute it on the vulnerable server. The vulnerable code is located in the frontpage_right.php file, line 2, which includes the $loadadminpage variable without any sanitization.

PersianBB (iranian_music.php id) Remote SQL Injection Vulnerability

An attacker can exploit this vulnerability by sending a crafted HTTP request to the vulnerable server with a malicious SQL query. This can be done by appending the malicious SQL query to the vulnerable parameter in the HTTP request. For example, an attacker can send a request like www.[target].com/Script/iranian_music.php?id=-1+union+select+1,concat_ws(0x3a,user,psw),3,4,5,6,7+from+prelude-- to exploit this vulnerability.

MyForum 1.3 Insecure Cookie Handling Vulnerability

A vulnerability exists in MyForum 1.3 which allows an attacker to set a cookie with the name 'myforum_login' and value '1' and another cookie with the name 'myforum_pass' and value '1' by using the JavaScript code 'javascript:document.cookie = "myforum_login=1; path=/"; javascript:document.cookie = "myforum_pass=1; path=/";'

e107 Plugin macgurublog_menu macgurublog.php (uid) Remote Sql inj

e107 Plugin macgurublog_menu macgurublog.php is vulnerable to a remote SQL injection vulnerability. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable script. This can allow the attacker to gain access to the database and execute arbitrary SQL queries.

Aiocp 1.4 Remote SQL Injection vulnerability

Aiocp 1.4 is vulnerable to a remote SQL injection vulnerability. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. This can allow the attacker to gain access to sensitive information stored in the database, such as user credentials and other sensitive data.

Recent Exploits: