header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

CiscoWorks Common Services Cross-Site Scripting Vulnerability

The CiscoWorks Common Services application fails to sufficiently sanitize user-supplied input, leading to a cross-site scripting vulnerability. An attacker can exploit this vulnerability to perform cross-site scripting attacks, potentially stealing authentication credentials and launching other attacks.

WordPress WP Symposium 14.11 Shell Upload

WP Symposium Plugin for WordPress contains a flaw that allows a remote attacker to execute arbitrary PHP code. This flaw exists because the /wp-symposium/server/file_upload_form.php script does not properly verify or sanitize user-uploaded files. By uploading a .php file, the remote system will place the file in a user-accessible path. Making a direct request to the uploaded file will allow the attacker to execute the script with the privileges of the web server.

Oracle MySQL for Microsoft Windows FILE Privilege Abuse

This module takes advantage of a file privilege misconfiguration problem specifically against Windows MySQL servers. This module abuses the FILE privilege to write a payload to Microsoft's All Users Start Up directory which will execute every time a user logs in. The default All Users Start Up directory used by the module is Windows 7 friendly.

Lexmark MarkVision Enterprise Arbitrary File Upload

This module exploits a code execution flaw in Lexmark MarkVision Enterprise before 2.1. A directory traversal in the GfdFileUploadServlet servlet allows an unauthenticated attacker to upload arbitrary files, including arbitrary JSP code. This module has been tested successfully on Lexmark MarkVision Enterprise 2.0 with Windows 2003 SP2.

Foxit MobilePDF v4.4.0 iOS – Multiple Web Vulnerabilities

A local file include web vulnerability has been discovered in the official Foxit MobilePDF v4.4.0 iOS mobile web-application. The local file include vulnerability allows remote attackers to unauthorized include local file/path requests or system specific path commands to compromise the mobile web-application.The vulnerability is located in the `filename` value of the wifi interface `upload` module. Local attackers are able to manipulate the wif

IPMI Information Disclosure

This exploit allows an attacker to disclose sensitive information from the IPMI (Intelligent Platform Management Interface) protocol. By sending specific commands to the IPMI service, an attacker can retrieve information such as user access privileges, user names, and other configuration settings.

Cisco Unified Operations Manager Multiple Cross-Site Scripting Vulnerabilities

The Cisco Unified Operations Manager is prone to multiple cross-site scripting vulnerabilities due to improper input sanitization. An attacker can exploit these vulnerabilities to execute arbitrary script code in the browser of a targeted user, potentially leading to the theft of authentication credentials and other malicious activities.

Cross-Site Scripting Vulnerabilities in Cisco Unified Operations Manager

Cisco Unified Operations Manager is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials. Other attacks may also be possible.

Multiple Cross-Site Scripting Vulnerabilities in Cisco Unified Operations Manager

The Cisco Unified Operations Manager is prone to multiple cross-site scripting vulnerabilities due to improper sanitization of user-supplied input. An attacker can exploit these vulnerabilities to execute arbitrary script code in the browser of an unsuspecting user, potentially allowing the attacker to steal authentication credentials or perform other malicious activities.

Cross-Site Scripting Vulnerability in TWiki

TWiki is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Recent Exploits: