header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

ContentNow CMS (Upload/XSS) Multiple Remote Vulnerabilities

This Vulnerability can upload malicious files direct to web server. An attacker can exploit this vulnerability by sending a malicious file to the upload path and then access the file from the upload directory. An attacker can also exploit the Remote XSS vulnerability by sending a malicious script to the vulnerable parameters.

Xpoze Pro CMS 2008 XPOZE Pro 3.06 SQL Injection Exploit

Xpoze Pro CMS 2008 XPOZE Pro 3.06 is vulnerable to a SQL injection attack. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. This request contains malicious SQL statements that are executed in the backend database. This can allow an attacker to gain access to sensitive information such as usernames and passwords.

Kasseler-Cms (LFI/XSS) Multiple Remote Vulnerabilities

Kasseler-CMS is vulnerable to both Local File Inclusion (LFI) and Cross-Site Scripting (XSS) attacks. The LFI vulnerability is triggered when a malicious user supplies a specially crafted URL to the application, which can be used to access sensitive files on the server. The XSS vulnerability is triggered when a malicious user supplies a specially crafted URL to the application, which can be used to inject malicious JavaScript code into the application.

Panda Security ActiveScan 2.0 Update Buffer Overflow

Panda Security ActiveScan 2.0 Update function contains a buffer overflow vulnerability. The vulnerability is caused due to a boundary error within the processing of the "update.ini" file. This can be exploited to cause a stack-based buffer overflow by e.g. tricking a user into visiting a malicious web site.

Joomla com_dbquery Remote file Inclusion

A remote file inclusion vulnerability exists in Joomla com_dbquery component. The vulnerability is due to insufficient sanitization of user-supplied input in the 'mosConfig_absolute_path' parameter of the 'administrator/components/com_dbquery/classes/DBQ/admin/common.class.php' script. An attacker can exploit this vulnerability to execute arbitrary PHP code on the vulnerable system by including a malicious file from a remote location.

Joomla Component altas v 1.0 Multiple Remote SQL Injection

A vulnerability in Joomla Component altas v 1.0 allows an attacker to inject malicious SQL commands into the vulnerable application. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code in the 'mes' and 'ano' parameters of the 'index.php' script. Successful exploitation of this vulnerability can allow an attacker to gain access to sensitive information from the database, modify data, or exploit further vulnerabilities.

DSECRG-08-027

1024 CMS has Remote File Include vulnerability and multiple Local File Include vulnerabilities. The vulnerable scripts are themes/blog/layouts/standard.php, themes/default/layouts/standard.php, themes/portfolio/layouts/standard.php, themes/snazzy/layouts/standard.php and admin/lang/fr/reports/default.php.

Recent Exploits: