header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

GoAhead Web Server 2.5 – ‘goform/formTest’ Multiple HTML Injection Vulnerabilities

Multiple HTML injection vulnerabilities are found in GoAhead Web Server version 2.5 due to insufficient input validation. Exploiting this vulnerability allows an attacker to inject and execute HTML code within the context of the affected site.

Online Shopping System Advanced SQL Injection Vulnerability

An SQL injection vulnerability in Online Shopping System Advanced allows attackers to gain unauthorized access to the database by injecting malicious SQL statements through the 'cm' parameter. This can lead to the disclosure of sensitive information like user credentials.

101 News-1.0 Multiple-SQLi

The searchtitle parameter in 101 News-1.0 is vulnerable to SQL injection attacks. By submitting a specific payload in the searchtitle parameter, an attacker can inject a SQL sub-query that calls MySQL's load_file function with a UNC file path pointing to an external domain. This allows the attacker to interact with the external domain, confirming the successful execution of the injected SQL query.

Incorrect Access Control Vulnerability in WyreStorm APOLLO VX20 Devices

A vulnerability was found in WyreStorm Apollo VX20 devices prior to version 1.3.58, allowing remote attackers to trigger a device restart through an HTTP GET request to /device/reboot endpoint. This vulnerability is identified as CVE-2024-25736.

WonderCMS 4.3.2 XSS to RCE

The exploit allows an attacker to craft a link that, when visited by an admin, triggers a cross-site scripting (XSS) vulnerability on WonderCMS version 4.3.2. This XSS vulnerability is then leveraged to remotely execute malicious code on the server, enabling the attacker to take control of the system. This exploit script generates a JavaScript file that, when loaded by the admin, sets up a reverse shell to the attacker's specified IP address and port.

DataCube3 v1.0 – Unrestricted File Upload Remote Code Execution

The DataCube3 v1.0 software is vulnerable to an unrestricted file upload vulnerability that can lead to remote code execution. An attacker can exploit this to upload malicious files to the server, potentially allowing them to execute arbitrary commands. This exploit also includes a reverse shell chain and information disclosure, such as leaking root passwords.

GL.iNet <= 3.216 Remote Code Execution via OpenVPN Client

GL.iNet version 3.216 is vulnerable to remote code execution via the OpenVPN client. An attacker can exploit this vulnerability by adding a malicious configuration file or client, allowing them to execute arbitrary code on the target system. This vulnerability is identified as CVE-2023-46456.

Atlassian Confluence Data Center and Server Authentication Bypass via Broken Access Control

This exploit targets a vulnerability in Atlassian Confluence servers that allows an attacker to bypass authentication. By sending a specially crafted request, an attacker can create a new admin account without requiring authentication on the targeted Atlassian server.

Recent Exploits: