header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

Xenforo Version 2.2.13 – Authenticated Stored XSS

This exploit allows an attacker to inject malicious JavaScript code into the Xenforo version 2.2.13 application. The vulnerability exists in the 'title' parameter of the '/admin.php?smilie-categories/0/save' endpoint, which does not properly sanitize user input. An authenticated user can exploit this vulnerability by submitting a crafted request with a malicious payload in the 'title' parameter. When the page is viewed by another user, the payload will be executed, leading to potential remote code execution or other malicious activities.

PrestaShop Winbiz Payment module – Improper Limitation of a Pathname to a Restricted Directory

The PrestaShop Winbiz Payment module is vulnerable to an Improper Limitation of a Pathname to a Restricted Directory vulnerability. This vulnerability allows an attacker to download arbitrary files from the server.

Microsoft SharePoint Enterprise Server 2016 – Spoofing

This exploit allows an attacker to spoof a SharePoint server by creating a fake file on the vulnerable server and redirecting users to a malicious website.

Microsoft OneNote (Version 2305 Build 16.0.16501.20074) 64-bit – Spoofing

Microsoft OneNote is vulnerable to spoofing attacks. The malicious user can trick the victim into clicking on a very maliciously crafted URL or download some other malicious file and execute it. When this happens the game will be over for the victim and his computer will be compromised. Exploiting the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft OneNote and then click on a specially crafted URL to be compromised by the attacker.

SPIP v4.2.1 – Remote Code Execution (Unauthenticated)

SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. Branches 3.2, 4.0, 4.1 and 4.2 are concerned. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1. This PoC exploits a PHP code injection in SPIP. The vulnerability exists in the 'oubli' parameter and allows an unauthenticated user to execute arbitrary commands with web user privileges.

Recent Exploits: