Suggest Exploit

Explore Vulnerabilities


Explore all Exploits:

WordPress Plugin Background Image Cropper v1.2 – Remote Code Execution

The vulnerability in Wordpress Plugin Background Image Cropper v1.2 allows remote attackers to execute arbitrary code on the target system. By uploading a malicious PHP file, an attacker can run commands on the server remotely. This vulnerability has a CVE ID pending assignment.

CVE-2023-22527: Atlassian Confluence RCE Vulnerability

The vulnerability allows remote attackers to execute arbitrary code on the affected Atlassian Confluence servers. By sending a specially crafted payload to the '/template/aui/text-inline.vm' endpoint, an attacker can exploit this issue. This vulnerability is identified as CVE-2023-22527.

Hitachi NAS (HNAS) System Management Unit (SMU) 14.8.7825 – Information Disclosure

The Hitachi NAS (HNAS) System Management Unit (SMU) version 14.8.7825 and below is prone to an information disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information. This vulnerability has been assigned CVE-2023-6538.

Buffer Overflow Exploit in C Program

The C program contains a buffer overflow vulnerability due to improper input validation. By sending a specially crafted input, an attacker can overwrite the buffer boundaries and inject malicious code. This can lead to arbitrary code execution and potentially compromise the system. This vulnerability can be identified as CVE-2021-12345.

WordPress File Upload < 4.23.3 Stored XSS

A Stored Cross-Site Scripting (XSS) vulnerability exists in WordPress File Upload plugin version 4.23.3 and prior. By inserting a malicious shortcode in a post, an attacker can trigger an XSS attack when a file is uploaded, leading to potential script execution in the victim's browser. This vulnerability has been assigned CVE-2023-4811.

Asterisk AMI – Partial File Content & Path Disclosure (Authenticated)

The exploit targets CVE-2023-49294 in Asterisk AMI, enabling authenticated users to enumerate filesystems, discover existing file paths, and disclose partial file contents. The disclosed files need to comply with the Asterisk configuration format, similar to INI configuration. The vulnerability can be utilized for unauthorized access to sensitive information.

CSZCMS v1.3.0 – SQL Injection (Authenticated)

An authenticated SQL injection vulnerability was found in CSZCMS v1.3.0. By manipulating the 'View' button next to a username in the Member Users section, an attacker can inject malicious SQL code using the 'sleep' function. This could lead to unauthorized access to the database or execution of arbitrary SQL queries.

WordPress Plugin Alemha Watermarker 1.3.1 – Stored Cross-Site Scripting (XSS)

The Alemha Watermarker Wordpress Plugin version 1.3.1 is vulnerable to Stored Cross-Site Scripting (XSS) due to insufficient sanitization of user-supplied data in the 'watermark_title' field. An attacker can insert malicious scripts in the Watermark Text field, which will execute whenever a user attempts to edit the page.

Recent Exploits: