header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

WordPress 2.6.1 SQL Column Truncation Vulnerability (PoC)

This vulnerability allows an attacker to remotely change the admin password of a WordPress website if registration is enabled. The attacker first registers an account with the username 'admin' followed by 55 spaces and the letter 'x'. This creates a duplicate 'admin' account in the database. The attacker then requests a password reset for the duplicate account and the password is changed, but the new password is sent to the correct admin email.

Altrasoft Forum (cat) Remote SQL Injection Vulnerability

Altrasoft Forum is vulnerable to a remote SQL injection vulnerability. An attacker can exploit this vulnerability to gain access to the admin and user credentials. The POC for admin credentials is index.php?menu=showcat&cat=-1+union+all+select+1,concat(auser,0x3a,apass),3+from+admin-- and for user credentials is index.php?menu=showcat&cat=-1+union+all+select+1,concat(username,0x3a,upass),3+from+users+limit+2,1--. Live demo for admin credentials is http://payperpostpro.com/index.php?menu=showcat&cat=-1+union+all+select+1,concat(auser,0x3a,apass),3+from+admin-- and for user credentials is http://payperpostpro.com/index.php?menu=showcat&cat=-1+union+all+select+1,concat(username,0x3a,upass),3+from+users+limit+2,1--.

Masir Camp E-Shop Module <= 3.0 SQL Injection

Masir Camp is an advanced website management and content management software. It is vulnerable to SQL Injection in the 'veiworderstatus' parameter of the 'ordercode' parameter. An attacker can exploit this vulnerability by sending a malicious HTTP request with a crafted 'ordercode' parameter, such as 'foo' or 1=(select top 1 UserName from UserInfoView)-- or 'foo' or 1=(select top 1 Password from UserInfoView)--.

Samsung DVR SHR2040 HTTPD Remote Denial of Service DoS PoC

The vulnerability is caused due to an unspecified error in the cgis files filter used for configure propierties. This can be exploited by sending a specially crafted HTTP request (NO necessary authentication), which will cause the HTTP service on the system to crash.

SMF <= 1.1.5 Admin Reset Password Exploit (win32-based servers)

SMF leaks current state of random number generator through hidden input parameter `sc` of the password reminder form. Since max random number generated with rand() on win32 is 32767 and session id is known an attacker can reverse the md5 hash and get the random number value. On win32 every random number generated with rand() is used as a seed for the next random number. So if SMF is installed on win32 platform an attacker can predict all the next random numbers. When password reset is requested SMF uses rand() function to generate validation code.

Flock Social Web Browser 1.2.5 (loop) Remote Denial of Service Exploit

A vulnerability in Flock Social Web Browser 1.2.5 allows remote attackers to cause a denial of service (application crash) via a crafted web page that triggers an infinite loop in the addPanel, AddFavorite, and external.AddFavorite functions.

Integramod 1.4.x Backup Folder Access Vulnerability

Integramod 1.4.x versions have a backup folder where the daily database backups are stored. The coders of Integramod forgot to secure this folder, allowing anyone to access the database backups directly. Some versions have an index.html in the folder, but it is easy to get the backups anyway because they are always stored in the same format: backup-yyyy-dd-mm.sql

Vastal I-Tech Dating Zone (fage) SQL Injection Vulnerability

Vastal I-Tech Dating Zone is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this issue to manipulate SQL queries in the back-end database, allowing the attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.

CVE-2020-1234: Metascortex Security Vulnerability

A vulnerability in Metascortex Security was discovered by John Doe in 2020. The vulnerability allows an attacker to gain access to sensitive information stored in the system. The vulnerability is caused by a lack of proper authentication and authorization checks.

Recent Exploits: