header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

Sun Java System Access Manager and Identity Manager Users Enumeration

Sun Java System Access Manager and Identity Manager are prone to a username-enumeration weakness because of a design error in the application when verifying user-supplied input. Attackers may exploit this weakness to discern valid usernames. This may aid them in brute-force password cracking or other attacks.

NewsCMSLite Authentication-Bypass Vulnerability

NewsCMSLite is prone to an authentication-bypass vulnerability because it fails to adequately verify user-supplied input used for cookie-based authentication. Attackers can exploit this vulnerability to gain unauthorized access to the affected application, which may aid in further attacks.

ConPresso CMS Multiple Remote Vulnerabilities

ConPresso CMS is prone to multiple remote vulnerabilities, including cross-site scripting, cross-domain scripting, and session-fixation vulnerabilities. An attacker can exploit these issues to execute arbitrary script code within the context of the affected browser or within the context of another frame, steal cookie-based authentication credentials, hijack a user's session, and gain unauthorized access to the affected application. Other attacks are also possible.

OBLOG Cross-Site Scripting Vulnerability

OBLOG is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Pidgin Denial-of-Service Vulnerability

Pidgin is prone to a denial-of-service vulnerability because it fails to properly sanitize user-supplied input. Successful exploits will cause the affected application to crash, effectively denying service to legitimate users. Sending a filename that contains the maximum number of allowable characters and that includes the characters defined by the hex data below will crash the application: '26 23 38 32 32 37 3b 20 26 23 38 32 32 38 3b 20 26 23 38 32 32 39 3b 20 85'

Recent Exploits: