header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

Basic php-events lister2 ADD ADMIN Exploit

The exploit allows an attacker to bypass authentication and add a user to the Basic php-events lister2 application. The attacker can access the add_user.php page and add a user with any credentials. After that, the attacker can access the login.php page and gain access to the application.

Authentication bypass and file manipulation in Sitecore Staging Module

The Staging Webservice (normally found in "/sitecore modules/staging/ service/api.asmx") used for transmitting files between the Sitecore Master and Slave Server is vulnerable to authentication bypass and therefore files can be uploaded in arbitrary directories on the server, files can be downloaded from arbitrary directories on the server, directory listings of the whole server can be received and the webserver cache can be deleted. An attacker is able to upload a shell, delete the webserver cache and execute arbitrary code on the server.

Horde 3.3.5 “PHP_SELF” Cross-Site Scripting vulnerability

Input passed to 'PHP_SELF' variable is not properly filtered before being returned to the user. This can be explotied to inject arbitrary HTML or to execute arbitrary script code in a user's browser session in context of an affected site. In order to successfully exploit this vulnerability the targeted user has to be logged as an administrator.

PHP F1 Upload Shell Upload Vulnerability

This vulnerability allows an attacker to upload a malicious shell to a vulnerable website running the PHP F1 webscripts. The attacker can use the Google Dork “Photo Album” “Powered by PHP F1” to find vulnerable websites. The attacker can then access the admin.php page and upload a malicious shell with the name shell.php.pjpeg. The attacker can then access the shell by going to the URL http://server/path/original/shell.php.pjpeg.

Cisco ASA <= 8.x VPN SSL module Clientless URL-list control bypass

Cisco VPN SSL Clientless lets administrators define rules to specific targets within the private network that WebVPN users will be able to access. This specific targets are published using links in VPN SSL home page. These links (URL) are protected (obfuscated) using a ROT13 substitution and converting ASCII characters to hexadecimal. An user with a valid account and without “URL entry” can access any internal/external resource simply taken an URL, encrypt with ROT 13, convert ASCII characters to hexadecimal and appending this string to Cisco VPN SSL URL.

Multi Blind SQL Injection Vulnerability

A multi Blind SQL Injection vulnerability was discovered in the Multi-lingual Application software of www.charon.co.uk. The vulnerability was discovered by ((R3d-D3v!L)) in December 2009. The vulnerable URL is http://server/multi_language/adminsection/products_update.asp?ProductID={Err0r}. The exploit is done by sending a malicious request with a true statement such as products_update.asp?ProductID=1 and 1=1 and a false statement such as products_update.asp?ProductID=1 and 1=2. The same exploit can be done on RegistrationResults.asp?Delete={JuPA} and content.asp?ContentID=((M2Z)).

Tybe:(player.asp player_id) bl!nd SQL Injection Vulnerability

A blind SQL injection vulnerability exists in the 'player.asp?player_id' parameter of the Texas Rankem software from www.clicktech.com. An attacker can send maliciously crafted requests to the vulnerable parameter to execute arbitrary SQL commands on the underlying database.

Recent Exploits: