header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

AShop Deluxe and AShop Administration Panel Cross-Site Scripting Vulnerabilities

AShop Deluxe and AShop Administration Panel are prone to multiple cross-site scripting vulnerabilities because they fail to sufficiently sanitize user-supplied input data.An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

AShop Deluxe and AShop Administration Panel Multiple Cross-Site Scripting Vulnerabilities

AShop Deluxe and AShop Administration Panel are prone to multiple cross-site scripting vulnerabilities because they fail to sufficiently sanitize user-supplied input data.An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

vCard PRO Cross-Site Scripting Vulnerability

The vCard PRO application fails to properly sanitize user-supplied input, allowing an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can lead to the theft of cookie-based authentication credentials and enable other attacks.

ImpressPages CMS v3.6 manage() Function Remote Code Execution Exploit

The vulnerability is caused due to the improper verification of uploaded files in '/ip_cms/modules/developer/config_exp_imp/manager.php' script thru the 'manage()' function when importing a configuration file. This can be exploited to execute arbitrary PHP code by uploading a malicious PHP script file that will be stored in '/file/tmp' directory after successful injection. Permission Developer[Modules exp/imp] is required (parameter 'i_n_2[361]' = on) for successful exploitation.

ISPConfig Authenticated Arbitrary PHP Code Execution

This module allows an authenticated administrator to export language settings into a PHP script which is intended to be reuploaded later to restore language settings. This feature can be abused to run arbitrary PHP code remotely on the ISPConfig server. The vulnerability was discovered by Brandon Perry.

XSP Source Code Information-Disclosure Vulnerability

XSP is prone to a source code information-disclosure vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable system in the context of the webserver process. Information obtained may aid in further attacks.

Recent Exploits: