header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

Show More

WordPress Eventify – Simple Events plugin <= 1.7.f SQL Injection Vulnerability

The WordPress Eventify - Simple Events plugin version 1.7.f and below is vulnerable to SQL Injection. By sending a specially crafted POST request to the fetcheventdetails.php file, an attacker can execute arbitrary SQL queries on the database.

7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name
Eventify - Simple Events plugin
Platforms Tested
Affected Version
From:
1.7.f
To:
1.7.f
2011
Show More

WordPress KNR Author List Widget plugin <= 2.0.0 SQL Injection Vulnerability

The WordPress KNR Author List Widget plugin version 2.0.0 is vulnerable to SQL Injection. An attacker can exploit this vulnerability by sending a crafted request to the knrAuthorListCustomSortSave.php file, allowing them to execute arbitrary SQL commands on the underlying database.

7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name
KNR Author List Widget
Platforms Tested
Affected Version
From:
<= 2.0.0
To:
2.0.0
2011
Show More

TOWeb V3 Local Format String DOS Exploit (TOWeb.MO file corruption)

This exploit allows an attacker to create a corrupt TOWeb.MO file which can lead to a local format string denial of service (DOS) vulnerability. By providing a specially crafted input, the attacker can cause the TOWeb application to crash or become unresponsive.

7.5
CVSS
HIGH
Local Format String DOS
CWE
Product Name
TOWeb V3
Platforms Tested
Windows 7
Affected Version
From:
TOWeb V3.17
To:
TOWeb V3.17
2011
Show More

ZipX for Windows v1.71 ZIP File Buffer Overflow Exploit

The exploit takes advantage of a buffer overflow vulnerability in the ZipX for Windows v1.71 software. By creating a specially crafted ZIP file, an attacker can trigger the buffer overflow and execute arbitrary code on the target system. The exploit has been tested on Windows XP SP3 Brazilian Portuguese.

7.5
CVSS
HIGH
Buffer Overflow
Buffer Overflow
CWE
Product Name
ZipX for Windows
Platforms Tested
Windows XP SP3 Brazilian Portuguese
Affected Version
From:
v1.71
To:
v1.71
2011
Show More

WordPress VideoWhisper Video Presentation plugin <= 1.1 SQL Injection Vulnerability

The WordPress VideoWhisper Video Presentation plugin version 1.1 is vulnerable to SQL Injection. The 's' parameter in the 'c_status.php' file is not properly sanitized, allowing an attacker to inject malicious SQL code. By exploiting this vulnerability, an attacker can execute arbitrary SQL queries, potentially gaining unauthorized access to the database.

9
CVSS
CRITICAL
SQL Injection
89
CWE
Product Name
Video Presentation plugin
Platforms Tested
WordPress
Affected Version
From:
<= 1.1
To:
1.1
2011
Show More

WordPress Crawl Rate Tracker plugin <= 2.0.2 SQL Injection Vulnerability

The WordPress Crawl Rate Tracker plugin <= 2.0.2 is vulnerable to SQL Injection. An attacker can exploit this vulnerability by sending a specially crafted request to the sbtracking-chart-data.php file. This allows the attacker to extract sensitive information from the database.

7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name
Crawl Rate Tracker plugin
Platforms Tested
WordPress
Affected Version
From:
2.0.0
To:
2.0.2
2011
Show More

DVD X Player 5.5 Professional (.plf) Universal DEP + ASLR BYPASS

This exploit bypasses Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) in DVD X Player 5.5 Professional (.plf) file. It allows arbitrary code execution.

7.5
CVSS
HIGH
DEP + ASLR Bypass
CWE
Product Name
DVD X Player
Platforms Tested
Windows XP SP2, Windows XP SP3, Windows 7
Affected Version
From:
DVD X Player 5.5 Professional
To:
DVD X Player 5.5 Professional
2011

Recent Exploits:

RDPGuard 9.9.9 – Privilege Escalation

author
Ahmet Ümit BAYRAM
vendor
RDPGuard
severity
6.1
HIGH

YesWiki Unauthenticated Path Traversal

author
Al Baradi Joy
vendor
YesWiki
severity
7.1
HIGH

ABB Cylon Aspect 3.08.02 Stored Cross-Site Scripting Vulnerability

author
Gjoko 'LiquidWorm' Krstic
vendor
ABB Ltd.
severity
6.1
HIGH

Apache ActiveMQ 6.1.6 – Denial of Service (DOS)

author
Abdualhadi khalifa
vendor
Apache
severity
6.1
HIGH

GeoVision GV-ASManager 6.1.1.0 – CSRF

author
Giorgi Dograshvili [DRAGOWN]
vendor
GeoVision
severity
6.1
HIGH

ABB Cylon FLXeon 9.3.4 WebSocket Command Spawning Vulnerability

author
Zero Science Lab
vendor
ABB Ltd.
severity
6.1
HIGH

GestioIP 3.5.7 – Stored Cross-Site Scripting Vulnerability

author
m4xth0r (Maximiliano Belino)
vendor
GestioIP
severity
6.1
HIGH

Cacti 1.2.26 – Remote Code Execution (RCE) (Authenticated)

author
D3Ext
vendor
Cacti
severity
6.1
HIGH

Exclusive Addons for Elementor ≤ 2.6.9 – Authenticated Stored Cross-Site Scripting (XSS)

author
Al Baradi Joy
vendor
exclusiveaddons
severity
5.1
MEDIUM

Kentico Xperience 13.0.178 – Cross Site Scripting (XSS)

author
Alex Messham
vendor
Kentico
severity
6.1
HIGH

Navigation

Suggest Exploit

Services By CQR