Explore Vulnerabilities

Explore all Exploits:

MODx Local File Inclusion and Cross-Site Scripting Vulnerabilities

MODx is prone to a local file-include vulnerability and a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit the local file-include vulnerability using directory-traversal strings to view and execute local files within the context of the webserver process. Information harvested may aid in further attacks. The attacker may leverage the cross-site scripting issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

MODx Local File-Include and Cross-Site Scripting Vulnerabilities

MODx is prone to a local file-include vulnerability and a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit the local file-include vulnerability using directory-traversal strings to view and execute local files within the context of the webserver process. Information harvested may aid in further attacks. The attacker may leverage the cross-site scripting issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

phpMyFAQ Cross-Site Scripting Vulnerability

The phpMyFAQ application fails to properly sanitize user-supplied input, allowing an attacker to execute arbitrary script code in the browser of a user visiting the affected site. This can lead to the theft of authentication credentials and enable the attacker to launch further attacks.

HTML Injection vulnerability in Micro CMS

Micro CMS is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

SQL Injection Vulnerability in Car Portal

Car Portal is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

HTML-injection vulnerability in Horde IMP Webmail

Horde IMP Webmail is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied data before it is used in dynamic content. Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible.

TOPHangman SQL and HTML Injection Vulnerabilities

The TOPHangman application fails to properly sanitize user-supplied input, leading to SQL and HTML injection vulnerabilities. An attacker can exploit these vulnerabilities to compromise the application, access or modify data, exploit other latent vulnerabilities in the database, or execute arbitrary script code in the context of an unsuspecting user's browser. This can result in stealing authentication credentials, controlling the site's appearance, and launching further attacks.

WSN Guest 1.21 Version Comments.PHP “ID” SQL Injection Exploit

The WSN Guest 1.21 version of the Comments.PHP script is vulnerable to SQL Injection. This can be exploited by an attacker to inject malicious SQL code into the 'id' parameter of the script. The exploit allows the attacker to retrieve sensitive information from the database, such as usernames and passwords of the WSN Guestbook members.

MySITE SQL Injection and Cross-Site Scripting Vulnerabilities

MySITE is vulnerable to an SQL-injection vulnerability and a cross-site scripting vulnerability due to inadequate input sanitization. Exploiting these vulnerabilities could allow an attacker to steal authentication credentials, compromise the application, access or modify data, or exploit other vulnerabilities in the database.
