header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

Authentication Bypass and SQL Injection Vulnerabilities in VisualShapers ezContents

VisualShapers ezContents is prone to an authentication-bypass vulnerability and multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Nabopoll Blind SQL Injection P0C Exploit

This is a Proof of Concept exploit for the Nabopoll Blind SQL Injection vulnerability. The exploit allows an attacker to extract the MySQL user by manipulating the 'surv' parameter in the 'result.php' page. The exploit iterates through ASCII values of characters to extract the user one character at a time.

EasySiteNetwork Jokes Complete Website Multiple Cross-Site Scripting Vulnerabilities

The EasySiteNetwork Jokes Complete Website is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Datalife Engine Multiple Remote File-Include Vulnerabilities

Datalife Engine is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the application and the computer; other attacks are also possible.

Cross-Site Scripting Vulnerabilities in SurgeFTP

SurgeFTP is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied data. Attacker-supplied HTML or JavaScript code could run in an administrator's browser session in the context of the affected site. This could potentially allow the attacker to steal cookie-based authentication credentials; other attacks are also possible.

DBGuestBook 1.1 RFI Vulnerability

The DBGuestBook 1.1 script is vulnerable to Remote File Inclusion (RFI) attacks. An attacker can exploit this vulnerability by injecting a malicious file path in the 'dbs_base_path' parameter in the following URLs:- http://SITE.com/path/includes/utils.php?dbs_base_path=[SHELL]- http://SITE.com/path/includes/guestbook.php?dbs_base_path=[SHELL]- http://SITE.com/path/includes/views.php?dbs_base_path=[SHELL]By exploiting this vulnerability, the attacker can execute arbitrary code on the server.

Cross-Site Request Forgery Vulnerabilities in Zenoss

The vulnerabilities in Zenoss allow a remote attacker to perform administrative actions, execute arbitrary commands, gain unauthorized access, or delete data through cross-site request forgery attacks. The specific exploits include modifying user settings, executing commands, and performing user commands on devices.

Recent Exploits: