header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

Linux Kernel < 2.6.30.5 cfg80211 Remote DoS

This vulnerability is caused by a NULL pointer dereference in the Linux kernel's cfg80211 module. It is triggered when a victim scans and receives a beacon frame that does not contain a SSID IE and then receives another one that does have a SSID IE. This should only affect the 2.6.30 series.

DS CMS 1.0 (nFileId) Remote SQL Injection Vulnerability

A remote SQL injection vulnerability exists in DS CMS 1.0. An attacker can send a specially crafted HTTP request to the vulnerable application in order to execute arbitrary SQL commands in the back-end database. This can be exploited to manipulate data, disclose sensitive information, and potentially compromise the system.

Remote SQL Injection Vulnerability ( show_matchs.php competition )

A vulnerability exists in PHP Competition System BETA <= V0.84, which allows an attacker to inject arbitrary SQL commands via the 'competition', 'season', and 'day' parameters in the show_matchs.php script. This can be exploited to read arbitrary data from the database, including passwords and emails.

Linux NULL pointer dereference due to incorrect proto_ops initializations

A quick and dirty exploit for this vulnerability can be found at http://www.frasunek.com/proto_ops.tgz and a mirror of the exploit can be found at https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/9436.tgz (2009-proto_ops.tgz)

TGS CMS Multiple Vulnerabilities

Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications which allow code injection by malicious web users into the web pages viewed by other users. Affected items: http://127.0.0.1/cms/login.php?previous_page=[XSS] Exemple: <script>alert(document.cookie)</script> The Risk: By exploiting this vulnerability, an attacker can inject malicious code in the script and can stole cookies.

Gazelle CMS 1.0 Remote Arbitrary File Upload Vuln

Gazelle CMS 1.0 is vulnerable to a remote arbitrary file upload vulnerability. An attacker can exploit this vulnerability by sending a malicious file to the vulnerable server and then accessing it via a web browser. This can be done by changing the 'Type' parameter in the URL from 'Image' to 'File' and then uploading the malicious file. The malicious file can then be accessed via the URL http://localhost/Ananta_Gazelle1.0/user/File/shell.php

WordPress Plugin WP-Syntax <= 0.9.1 Remote Command Execution

A vulnerability in the WP-Syntax plugin for WordPress allows an attacker to execute arbitrary commands on the server hosting the vulnerable website. This is due to the plugin not properly sanitizing user-supplied input when processing the "geshi" parameter in the "wp-syntax.php" script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious code in the "geshi" parameter.

Recent Exploits: