header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

Show More

Bitrix Site Manager Multiple RFI Exploit

Bitrix Site Manager is prone to a remote file-inclusion vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary PHP code within the context of the webserver process. This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.

9,3
CVSS
HIGH
Remote File Inclusion
98
CWE
Product Name
Bitrix Site Manager
Platforms Tested
N/A
Affected Version
From:
N/A
To:
N/A
2009
Show More

Hosting controller program have a security bug in “UserProfile.asp” that an authenticated user can change other’s profiles.

Hosting Controller is an application to manage a host. An authenticated user can change other's profiles, email address and then use forgot password to recieve their password! Also he/she can gain administrator password by this way.

7,5
CVSS
HIGH
Authentication Bypass
287
CWE
Product Name
Hosting Controller
Platforms Tested
N/A
Affected Version
From:
6.1 HotFix 2.0
To:
Older
2005
Show More

Exploit for Autologin Vulnerability

This exploit allows an attacker to bypass authentication and gain access to a user account without knowing the user's password. The exploit works by sending a specially crafted cookie to the server, which contains a malicious SQL query that will return the user's password. The attacker can then use the cookie to gain access to the user's account.

7,5
CVSS
HIGH
Authentication Bypass
287
CWE
Product Name
N/A
Platforms Tested
N/A
Affected Version
From:
N/A
To:
N/A
2020
Show More

WebMax Portal Password Reset Vulnerability

WebMax Portal is vulnerable to a password reset vulnerability. An attacker can exploit this vulnerability by sending a specially crafted HTTP POST request to the vulnerable application. This will allow the attacker to reset the password of any user in the application.

7,5
CVSS
HIGH
Password Reset Vulnerability
20
CWE
Product Name
WebMax Portal
Platforms Tested
N/A
Affected Version
From:
1.35 and older
To:
1.36, 2.0
2005

Recent Exploits:

RDPGuard 9.9.9 – Privilege Escalation

author
Ahmet Ümit BAYRAM
vendor
RDPGuard
severity
6.1
HIGH

YesWiki Unauthenticated Path Traversal

author
Al Baradi Joy
vendor
YesWiki
severity
7.1
HIGH

ABB Cylon Aspect 3.08.02 Stored Cross-Site Scripting Vulnerability

author
Gjoko 'LiquidWorm' Krstic
vendor
ABB Ltd.
severity
6.1
HIGH

Apache ActiveMQ 6.1.6 – Denial of Service (DOS)

author
Abdualhadi khalifa
vendor
Apache
severity
6.1
HIGH

GeoVision GV-ASManager 6.1.1.0 – CSRF

author
Giorgi Dograshvili [DRAGOWN]
vendor
GeoVision
severity
6.1
HIGH

ABB Cylon FLXeon 9.3.4 WebSocket Command Spawning Vulnerability

author
Zero Science Lab
vendor
ABB Ltd.
severity
6.1
HIGH

GestioIP 3.5.7 – Stored Cross-Site Scripting Vulnerability

author
m4xth0r (Maximiliano Belino)
vendor
GestioIP
severity
6.1
HIGH

Cacti 1.2.26 – Remote Code Execution (RCE) (Authenticated)

author
D3Ext
vendor
Cacti
severity
6.1
HIGH

Exclusive Addons for Elementor ≤ 2.6.9 – Authenticated Stored Cross-Site Scripting (XSS)

author
Al Baradi Joy
vendor
exclusiveaddons
severity
5.1
MEDIUM

Kentico Xperience 13.0.178 – Cross Site Scripting (XSS)

author
Alex Messham
vendor
Kentico
severity
6.1
HIGH

Navigation

Suggest Exploit

Services By CQR