header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

php-addressbook v3.1.5(edit.php) SQL Injection Vulnerability

A SQL injection vulnerability exists in php-addressbook v3.1.5, which allows an attacker to execute arbitrary SQL commands via the 'id' parameter in the 'edit.php' script. An attacker can exploit this vulnerability by sending a malicious HTTP request to the vulnerable server, such as 'www.[target].com/Script/edit.php?id=-1+union+select+1,concat_ws(0x3a,user(),version(),database()),3,4,5,6,7,8,9,10,11,12,13,14--'.

PHP-MySQL-Quiz SQL Injection Vulnerability

The vulnerability exists due to insufficient sanitization of user-supplied input in the "id" parameter of the "editquiz.php" script. A remote attacker can execute arbitrary SQL commands in the application's database, compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, etc.

Myiosoft easygallery (catid) Blind SQL Injection Vulnerability

A blind SQL injection vulnerability exists in Myiosoft easygallery. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable server. The attacker can use the substring() function to determine the version of the database server. For example, an attacker can send a request with the substring() function to determine if the version of the database server is 4 or 5. If the request returns true, then the version of the database server is 5.

Mega ADS Portal (cid) Remote SQL Injection Vulnerability

A remote SQL injection vulnerability exists in the Mega ADS Portal (cid) due to insufficient sanitization of user-supplied input. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server. This can allow the attacker to gain access to sensitive information such as usernames, passwords, emails, and other confidential data stored in the database.

Opera 10.10 Status Bar Obfuscation

This exploit is related to the Opera 10.10 browser. When a user clicks on a link, the status bar displays the URL of the link, but the user is redirected to a different URL. This is a form of obfuscation, as the user is not aware of the actual URL they are being redirected to.

PhotoDiary 1.3 (lng) Local File Inclusion Vulnerability

PhotoDiary 1.3 is vulnerable to a Local File Inclusion vulnerability due to insufficient sanitization of user-supplied input. An attacker can exploit this vulnerability by sending a crafted HTTP request with a malicious 'lng' parameter. This parameter is used to include a file from the web server's file system. By manipulating the 'lng' parameter, an attacker can include arbitrary files from the web server's file system.

Joomla Component com_mdigg(category) SQL-injection vulnerability

An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. This request contains an SQL query that when executed, will return the username and password of the application's users. The attacker can then use this information to gain access to the application.

Weatimages Directory Traversal&Local File Include Vulnerabilities

Weatimages is vulnerable to directory traversal and local file include attacks. An attacker can use the 'path' parameter in the index.php file to traverse directories and include local files. This vulnerability can be exploited on both Linux and Windows servers.

Recent Exploits: