header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

4images 1.7.1 Remote SQL Injection Vulnerability

4images 1.7.1 is vulnerable to a remote SQL injection vulnerability. An attacker can exploit this vulnerability by searching for the admin username and then using a union select statement to find the admin password. The MD5 hash of the password can then be cracked to gain access to the admin panel.

Injection Flaw in PacketFence Network Access Controller

PacketFence is a fully supported, Free and Open Source network access control (NAC) system. The application is vulnerable to injection flaw like Xss, HTML Code injection. Attacker can perform attack via post method by manipulating passed data or entering malicious code in the username field.

Ignition 1.2 Multiple Local File Inclusion Vulnerabilities

Ignition 1.2 is vulnerable to multiple Local File Inclusion vulnerabilities. This vulnerability can be exploited by an attacker to include local files on the web server. The attacker can send a specially crafted HTTP request containing directory traversal characters (e.g. '../') to the vulnerable web application. This will allow the attacker to include local files on the web server and execute arbitrary code. The vulnerability is caused due to the use of user-supplied input without proper validation. The attacker can exploit this vulnerability by sending a specially crafted HTTP request containing directory traversal characters (e.g. '../') to the vulnerable web application. This will allow the attacker to include local files on the web server and execute arbitrary code.

Simplicity oF Upload (1.3.2) Remote File Upload Vulnerability

Simplicity oF Upload (1.3.2) is vulnerable to a remote file upload vulnerability. An attacker can exploit this vulnerability by sending a malicious file to the upload.php page of the application. The malicious file can be uploaded and executed on the server.

Explorer V7.20

A Cross-Site Scripting (XSS) vulnerability was discovered in JBC Explorer V7.20 Release Candidate 1 REV A. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable application. This can allow the attacker to execute arbitrary HTML and script code in the context of the affected application.

SaurusCMS <= 4.6.4 Multiple RFI Exploit

SaurusCMS versions 4.6.4 and below are vulnerable to Remote File Inclusion (RFI) attacks. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server. This request contains a URL in the ‘class_path’ parameter which points to a malicious file on the attacker’s server. When the vulnerable server processes the request, the malicious file is executed on the server.

PlayMeNow Malformed M3U Playlist WinXP Universal BoF

A buffer overflow vulnerability exists in PlayMeNow media player versions 7.3 and 7.4 on Windows XP Pro SP2/3 & Home SP3. The vulnerability is caused due to a boundary error when handling specially crafted M3U playlist files. This can be exploited to cause a stack-based buffer overflow by tricking a user into opening a specially crafted M3U file with PlayMeNow. Successful exploitation may allow execution of arbitrary code.

Ptag <= 4.0.0 Multiple RFI Exploit

Ptag <= 4.0.0 is vulnerable to Remote File Inclusion (RFI) attacks. An attacker can exploit this vulnerability by sending a maliciously crafted URL to the vulnerable application. This can allow the attacker to execute arbitrary code on the server. The vulnerable files are session.php and sql.php, which are located in the lib directory. The attacker can exploit this vulnerability by sending a maliciously crafted URL to the vulnerable application, which includes the path to the malicious file. This can allow the attacker to execute arbitrary code on the server.

CFAGCMS SQL Injection Exploit

The vulnerability exists due to insufficient sanitization of user-supplied input passed via the 'title' parameter to '/right.php' script. A remote attacker can execute arbitrary SQL commands in application's database, compromise the application, access or modify data, exploit vulnerabilities in the underlying database and gain access to the server.

Lizard Cart Multiple SQL Injection Exploit

Lizard Cart is vulnerable to multiple SQL Injection attacks. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'id' parameter of the 'detail.php' and 'pages.php' scripts. An attacker can exploit this vulnerability to execute arbitrary SQL commands in the application's database, allowing for the manipulation or disclosure of arbitrary data.

Recent Exploits: