
Explore Vulnerabilities

Explore all Exploits:

Joomla Com_Spain Remote SQL Injection Exploit

The Spain component for Joomla is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

SolarWinds Storage Manager Authentication Bypass

This module exploits an authentication bypass vulnerability in SolarWinds Storage Manager. The vulnerability exists in the AuthenticationFilter, which allows authentication to be bypassed with specially crafted URLs. After bypassing authentication, it is possible to use a file upload function to achieve remote code execution. This module has been tested successfully against SolarWinds Store Manager Server 5.1.0 and 5.7.1 on 32-bit Windows, 64-bit Windows and 64-bit Linux operating systems.

Railo Remote File Include

This module exploits a remote file include vulnerability in Railo, tested against version 4.2.1. First, a call using a vulnerable <cffile> line in thumbnail.cfm allows an attacker to download an arbitrary PNG file. By appending a .cfm and taking advantage of a directory traversal, an attacker can append ColdFusion markup to the PNG file and have it interpreted by the server. This is used to stage and execute a fully-fledged payload.

Briefcase 4.0 iOS – Code Execution & File Include Vulnerability

A remote code execution web vulnerability has been discovered in the official Briefcase Pro v4.0 iOS mobile Wi-Fi web application. The vulnerability allows an attacker to compromise the application and the connected device through system-specific command execution. The vulnerability is located in the 'Create Folder (Add Folder)' input field. The input field for creating folders allows input to be injected via a POST method request.

OES (Open Educational System) 0.1beta Remote File Inclusion Vulnerability

The OES (Open Educational System) version 0.1beta has a vulnerability in the includes/lib-account.inc.php file. The include function is improperly used, allowing an attacker to include arbitrary remote files.

Recent Exploits: