header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

Police Crime Record Management Project 1.0 – Time Based SQLi

The application suffers from an unauthenticated SQL Injection vulnerability.Input passed through 'edit' GET parameter in 'http://127.0.0.1//ghpolice/admin/investigation.php' is not properly sanitised before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code and retrieve sensitive data.

Simple Attendance System 1.0 – Unauthenticated Blind SQLi

The application suffers from an unauthenticated SQL Injection vulnerability. Input passed through 'employee_code' POST parameter in 'http://127.0.0.1//attendance/Actions.php?a=save_attendance' is not properly sanitised before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code and retrieve sensitive data.

ECOA Building Automation System – Arbitrary File Deletion

The ECOA Building Automation System is vulnerable to arbitrary file deletion. The Risk-Terminator Web Graphic control BEMS and RiskBuster Router Server are affected. An attacker with appropriate security codes can delete arbitrary files from the system. This can lead to unauthorized access and potential disruption of the system's functionality.

COMMAX UMS Client ActiveX Control 1.7.0.2 – ‘CNC_Ctrl.dll’ Heap Buffer Overflow

The vulnerability is caused due to a boundary error in the processing of user input, which can be exploited to cause a heap based buffer overflow when a user inserts overly long array of string bytes through several functions. Successful exploitation could allow execution of arbitrary code on the affected node.

Remote Mouse GUI 3.008 – Local Privilege Escalation

This exploit allows an attacker to escalate their privileges locally on the system by exploiting a vulnerability in Remote Mouse GUI 3.008. By following the steps mentioned, the attacker can spawn a new command prompt with Administrator privileges.

LiteSpeed Web Server Enterprise 5.4.11 – Command Injection (Authenticated)

The LiteSpeed Web Server Enterprise version 5.4.11 is vulnerable to command injection. An authenticated attacker can exploit this vulnerability to execute arbitrary commands on the server. The vulnerability exists in the 'Server Configuration > Server > External App > Edit' section, where the 'Command' value is not properly sanitized. By injecting a malicious payload, an attacker can execute arbitrary commands with the privileges of the server.

Water Billing System 1.0 – ‘id’ SQL Injection (Authenticated)

The 'id' parameter in the 'edituser.php' and 'viewbill.php' pages of the Water Billing System 1.0 is vulnerable to SQL Injection. An attacker can manipulate the 'id' parameter to execute arbitrary SQL queries.

WordPress Plugin Good LMS 2.1.4 – ‘id’ Unauthenticated SQL Injection

The vulnerability allows an attacker to perform an SQL injection attack in the Good Layers LMS Plugin version 2.1.4 or earlier. The vulnerable code is located in the file 'goodlayers-lms/include/lightbox-form.php' from line 682 to 701. The SQL injection occurs in the 'id' parameter of the SQL query. An attacker can manipulate the 'id' parameter to execute arbitrary SQL commands.

Recent Exploits: