header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

Cross-Site Scripting Vulnerability in Basic-CMS

Basic-CMS is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

CMS Made Simple Local File Include and Cross-Site Scripting Vulnerabilities

CMS Made Simple is prone to a local file-include vulnerability and a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit the local file-include vulnerability using directory-traversal strings to view and execute local files within the context of the webserver process. Information harvested may aid in further attacks. The attacker may leverage the cross-site scripting issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

Symantec Client Proxy ActiveX Control Buffer Overflow Vulnerability

The Symantec Client Proxy ActiveX control is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. Successful exploits allow remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts will likely result in denial-of-service conditions.

AIMP Remote Stack-Based Buffer Overflow Vulnerability

AIMP is prone to a remote stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input. Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

Remote Oracle DBMS_CDC_SUBSCRIBE.ACTIVATE_SUBSCRIPTION exploit (9i/10g)

This exploit allows an attacker to grant or revoke dba permission to an unprivileged user in Oracle DBMS_CDC_SUBSCRIBE.ACTIVATE_SUBSCRIPTION. It has been tested on Oracle Database 10g Enterprise Edition Release 10.1.0.3.0.

Arbitrary File Creation Vulnerability in Interspire Knowledge Manager

The Interspire Knowledge Manager is prone to a vulnerability that allows attackers to create arbitrary files on a vulnerable computer. An attacker may exploit this issue to create arbitrary files, which may then be executed to perform unauthorized actions. This may aid in further attacks.

CommodityRentals CD Rental Software SQL Injection Vulnerability

The CommodityRentals CD Rental Software is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Remote Oracle DBMS_METADAT.GET_DDL exploit

This exploit allows an attacker to grant or revoke dba permission to an unprivileged user in Oracle DBMS_METADAT.GET_DDL (9i/10g) versions. The attacker needs to have Oracle InstantClient (basic + sdk) installed for DBD::Oracle.

PHP ‘safe_mode’ Restriction-Bypass Vulnerability

The vulnerability allows an attacker to bypass the 'safe_mode' restriction in PHP. By providing a specially crafted session_save_path parameter, an attacker can write session files in arbitrary directions.

Accellion File Transfer Appliance Multiple Remote Vulnerabilities

An attacker may leverage these issues to execute arbitrary script code within the context of the webserver, steal cookie-based authentication credentials, obtain sensitive information, and execute arbitrary code or commands with superuser privileges. Other attacks are also possible.

Recent Exploits: