header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

netadvantist@copyright 2006 SQL Injection(com_na_xxx)

An attacker can exploit this vulnerability by sending a crafted SQL query to the vulnerable application. The crafted query can be used to extract sensitive information from the database, such as usernames and passwords. The attacker can also use the crafted query to modify the database, such as adding, deleting, or modifying records.

Mihalism Multi Host Download – Blind SQL Injection Attack

This exploit is based on a vulnerability in the Mihalism Multi Host Download CMS. The vulnerable code is found in the users.php file, where the application is vulnerable to a Blind SQL Injection attack. The attacker can craft a malicious SQL query to extract the admin's hash from the database. The query is constructed by delaying the response if the first character of the admin's hash is equal to '1'.

Joomla SQL Injection (com_downloads)(filecatid)

An attacker can exploit a SQL injection vulnerability in Joomla's com_downloads component to gain access to sensitive information from the database. The vulnerability is due to insufficient sanitization of user-supplied input to the 'filecatid' parameter of the 'index.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL statements to the vulnerable script. This may allow the attacker to gain access to sensitive information such as usernames and passwords stored in the database.

Joomla Component Ynews 1.0.0 (id) Remote SQL Injection Vulnerability

A remote SQL injection vulnerability exists in Joomla Component Ynews 1.0.0. An attacker can exploit this vulnerability to inject malicious SQL queries via the 'id' parameter in the 'showYNews' task of the 'com_ynews' component. This can allow the attacker to gain access to sensitive information from the database.

APD Remote SQL Injection

Astanda Directory Project (APD) is prone to a remote SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. An attacker can exploit this issue to manipulate SQL queries by injecting arbitrary SQL code. This may allow the attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.

dBpowerAMP Audio Player Release 2 Remote Buffer Overflow Exploit

A remote buffer overflow vulnerability exists in dBpowerAMP Audio Player Release 2. An attacker can exploit this vulnerability to execute arbitrary code on the target system by sending a specially crafted M3U file. The vulnerability is due to insufficient bounds checking of the file name when the application parses the M3U file. An attacker can exploit this vulnerability to execute arbitrary code on the target system by sending a specially crafted M3U file.

OpenSiteAdmin 0.9.1 BETA File Inclusion Vulnerability

OpenSiteAdmin 0.9.1 BETA and maybe prior versions are vulnerable to File Inclusion vulnerability. The vulnerable code is present in the files OpenSiteAdmin/indexFooter.php, OpenSiteAdmin/scripts/classes/DatabaseManager.php, OpenSiteAdmin/scripts/classes/FieldManager.php, OpenSiteAdmin/scripts/classes/Filter.php, OpenSiteAdmin/scripts/classes/Form.php, OpenSiteAdmin/scripts/classes/FormManager.php, OpenSiteAdmin/scripts/classes/LoginManager.php and OpenSiteAdmin/scripts/classes/Filters/SingleFilter.php. The exploit can be triggered by sending a maliciously crafted HTTP request to the vulnerable server. The vulnerable server should have Register Globals and Magic_quotes_gpc set to On and Off respectively.

dBpowerAMP Audio Player Release 2 Remote Buffer Overflow

A buffer overflow vulnerability exists in dBpowerAMP Audio Player Release 2. An attacker can exploit this vulnerability by creating a malicious M3U file with a long URL and sending it to the target user. When the target user opens the malicious M3U file, the buffer overflow will occur, allowing the attacker to execute arbitrary code on the target system.

Recent Exploits: