header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

cwmExplorer 1.0 (show_file) Source Code Disclosure Vulnerability

This vulnerability allows an attacker to disclose the source code of files in the cwmExplorer 1.0 application. The vulnerability exists in the show_file parameter, which is not properly sanitized before being used in a file inclusion operation. By manipulating the show_file parameter, an attacker can specify the path of any file on the server and view its source code.

Magic News Pro Multiple Input-Validation Vulnerabilities

Multiple input-validation vulnerabilities in Magic News Pro allow remote attackers to execute arbitrary PHP code or steal cookie-based authentication credentials via (1) a remote file-include issue and (2) two cross-site scripting vulnerabilities. An attacker can exploit these issues to execute arbitrary PHP code in the context of the webserver process or to steal cookie-based authentication credentials.

Cross-site scripting vulnerability in CedStat

CedStat is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Cross-Site Scripting Vulnerability in Google Desktop

The Google Desktop application fails to properly sanitize user-supplied input, leading to a cross-site scripting vulnerability. Attackers can exploit this vulnerability in conjunction with a latent cross-site scripting vulnerability in the 'google.com' domain to execute arbitrary script code in the browser of an unsuspecting user. This can allow attackers to access the contents of the Google Desktop search index or potentially execute arbitrary code.

Userpages2 SQL Injection Vulnerability

Userpages2 is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.

Cross-site scripting vulnerabilities in MyCalendar

The MyCalendar application is vulnerable to multiple cross-site scripting vulnerabilities due to inadequate sanitization of user-supplied input. An attacker can exploit these vulnerabilities to execute arbitrary script code in the browser of a victim user, within the context of the affected site. This can lead to the theft of authentication credentials and enable the attacker to launch further attacks.

Recent Exploits: