header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

W-Agora Local File Include and Cross-Site Scripting Vulnerabilities

W-Agora is prone to multiple local file-include vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.An attacker can exploit these vulnerabilities to view and execute local files within the context of the webserver process or to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

Memory Corruption Vulnerability in Teamspeak

Attackers can exploit this issue by sending a specially crafted voice transmission packet containing malicious data. Successful exploits can allow attackers to execute arbitrary code with the privileges of the user running the application. Failed exploit attempts will result in a denial-of-service condition.

Feindura CMS Local File Include and Cross-Site Scripting Vulnerabilities

Feindura CMS is prone to multiple local file-include vulnerabilities and a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit the local file-include vulnerabilities using directory-traversal strings to view and execute local files within the context of the webserver process. Information harvested may aid in further attacks. The attacker may leverage the cross-site scripting issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

Joomla Component com_projects LFI & SQL Vulnerability

The 'com_projects' component for Joomla! is prone to an SQL-injection vulnerability and a local file-include vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker can exploit these vulnerabilities to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. By using directory-traversal strings to execute local script code in the context of the application, the attacker may be able to obtain sensitive information that may aid in further attacks.

Windows Vista/7 lpksetup.exe (oci.dll) DLL Hijacking Vulnerability

Microsoft Windows 'lpksetup.exe' is prone to a vulnerability that lets attackers execute arbitrary code. An attacker can exploit this issue by enticing a legitimate user to use the vulnerable application to open a file from a network share location that contains a specially crafted Dynamic Link Library (DLL) file.

Absolute Image Gallery Gallery.ASP (categoryid) MSSQL Injection Exploit

The Absolute Image Gallery Gallery.ASP script is vulnerable to SQL injection. An attacker can exploit this vulnerability by manipulating the 'categoryid' parameter in the 'gallery.asp' script. By injecting SQL code, the attacker can bypass authentication, access unauthorized data, modify or delete data, or perform other malicious actions.

WebCalendar v0.9.45 (13 Dec 2004) (login.php) Remote File include

The WebCalendar v0.9.45 (13 Dec 2004) is vulnerable to remote file inclusion in the login.php, get_reminders.php, and get_events.php scripts. An attacker can include an arbitrary file by manipulating the includedir parameter in the URLs provided. This can lead to remote code execution and compromise of the affected system.

Recent Exploits: