header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

Cross Site Request Forgery(CSRF) vulnerability in DubSite CMS v1.0

Due to the lack of multiple input validation errors, an attacker is able to change the password of the administrative user. The following link will change the password of the administrative account. Changing the options will also allow you to change the name of the admin account. This link creates a user 'hax0r' with password test123 and adds it to the administrator group.

Ez Cart Multiple XSRF Vulnerabilities

Multiple XSRF vulnerabilities exist in Ez Cart version 1.0. These vulnerabilities allow an attacker to remove an item by ID, remove a member by ID, remove a category by ID, change admin info, and send emails to all members. An attacker can exploit these vulnerabilities by crafting a malicious form and sending it to the target application.

Ez Blog (XSS/XSRF) Multiple Vulnerabilities

Ez Blog version 1.0 is vulnerable to XSS and multiple XSRF vulnerabilities. An attacker can exploit these vulnerabilities by sending a maliciously crafted URL to the victim, which when clicked, can execute arbitrary JavaScript code in the victim's browser. An attacker can also exploit the XSRF vulnerabilities by sending a maliciously crafted form to the victim, which when submitted, can execute arbitrary commands on the server.

REM0TE SQL !NJEC7!0N Vulnerability

A remote SQL injection vulnerability exists in the sitedetails.asp page of the ClickTrackerASP software. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL code to the vulnerable page. This can allow the attacker to gain access to sensitive information stored in the database, such as passwords.

DesigNsbyjm Cms <== 1.0 (PageId) Remote SQL Injection Vulnerability

DesigNsbyjm Cms version 1.0 is vulnerable to a remote SQL injection vulnerability. An attacker can exploit this vulnerability to gain access to the database and execute arbitrary SQL commands. The vulnerability is due to the lack of proper sanitization of user-supplied input in the 'pageid' parameter of the 'viewcontent.asp' script. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable script.

Ez Faq Maker Multiple Vulnerabilities

The Ez Faq Maker application version 1.0 is vulnerable to XSS and multiple XSRF vulnerabilities. The XSS vulnerability exists in the front end of the application, where an attacker can inject malicious JavaScript code into the 'sid' parameter of the 'index.php' page. The multiple XSRF vulnerabilities exist in the admin panel, where an attacker can delete a category or FAQ by sending a malicious request to the 'admin.php' page. Additionally, the application does not have any protection against changing the admin info.

SitioOnline SQL Injection Vulnerability

SitioOnline is vulnerable to SQL injection attacks. Attackers can exploit this vulnerability by sending malicious SQL queries to the vulnerable web application. For example, an attacker can send a malicious SQL query to the vulnerable lista_articulos.php?id_categoria= parameter to extract sensitive information from the database. Another example is sending a malicious SQL query to the vulnerable detalle_articulo.php?id_producto= parameter to extract sensitive information from the database.

Recent Exploits: