header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

gpEasy <= 1.5RC3 Remote FIle Include Exploit

This vulnerability allows an attacker to include a remote file on the vulnerable server. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'rootDir' parameter of the 'admin_password.php' script. A remote attacker can exploit this vulnerability to include arbitrary files from remote hosts and execute arbitrary code on the vulnerable system.

WordPress and Pyrmont V2. SQL Injection Vulnerability

An attacker can exploit this vulnerability by sending a crafted HTTP request to the vulnerable server. The request contains a malicious SQL query that can be used to extract sensitive information from the database, such as usernames and passwords. The malicious query is sent as a parameter in the URL, which is then processed by the vulnerable server.

Rumba XML (All Version)

A cross-site scripting (XSS) vulnerability exists in Rumba XML, all versions, which could allow an attacker to inject arbitrary web script or HTML. The vulnerability is due to insufficient sanitization of user-supplied input in the 'index.php' script. An attacker can exploit this vulnerability by enticing an authenticated user to click a malicious link. Successful exploitation could result in arbitrary web script or HTML execution in the user's browser session in the context of the affected application.

VirtueMart SQL Injection Vulnerability

VirtueMart is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Bugtraq ID: 37314

Open Flash Chart is prone to a vulnerability that lets remote attackers execute arbitrary code because the application fails to sanitize user-supplied input. Attackers can exploit this issue to execute arbitrary PHP code within the context of the affected webserver process.

Cross-Site Scripting (XSS) in jCore

A Cross-Site Scripting (XSS) vulnerability was discovered in jCore's search page, which allows an attacker to inject malicious JavaScript code into the search query. This code is then executed in the context of the user's browser, allowing the attacker to perform various malicious activities such as stealing cookies, hijacking sessions, and redirecting the user to malicious websites.

Hotel_habitaciones.php HotelID Remote SQL Injection Vulnerability

A vulnerability in the Hotel_habitaciones.php HotelID parameter of the Hotels Group software from www.bookingcentre.eu allows an attacker to inject arbitrary SQL commands. An attacker can send a specially crafted request containing an SQL statement to the vulnerable parameter to execute the statement on the underlying database server.

Recent Exploits: