header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

Yosemite Backup Buffer Overflow Vulnerability

Yosemite Backup is prone to a buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized buffer. Attackers can exploit this issue to execute arbitrary code within the context of the affected application or cause a denial-of-service condition.

dB Masters’ Curium CMS <= 1.03(c_id) Remote Blind SQL Injection Vulnerability

The vulnerability allows an attacker to execute arbitrary SQL queries on the target system, potentially gaining unauthorized access to sensitive information. The exploit involves manipulating the 'c_id' parameter in the 'news.php' file of dB Masters' Curium CMS version 1.03 or earlier. By injecting SQL code into the 'c_id' parameter, an attacker can bypass authentication and retrieve usernames and passwords from the 'cm_users' table.

Cross-Site Scripting Vulnerabilities in Opera Web Browser

The Opera Web Browser is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials, change the browser's settings, and launch other attacks.

EQdkp <= 1.3.1 Referer Spoof to access to SQL Database

A vulnerability exists in all current versions of EQdkp that allows one to spoof their referring URL to gain access to an integrated class-1 MySQL Backup/Restore program which allows one to download and modify sensitive SQL data. The script only checks for authentication via referring URL from the administration control panel. From the EQdkp_USERS.sql file, the username/email and MD5 Hashed password can be obtained. From there, the password needs to be cracked.

SQL injection in InterWorx Control Panel

The InterWorx application stores its data in a MySQL-database. For interaction with the database dynamic queries are used. These queries are created by concatenating strings from the application with user input. However, the application does not perform proper validation or escaping of the supplied input in the 'i' parameter when sorting user accounts in NodeWorx, Siteworx and Resellers. Malicious users with access to this functionality can manipulate database queries to achieve other goals than the developers had in mind.

Recent Exploits: