header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

Mpay24 PrestaShop Payment Module Multiple Vulnerabilities

The Mpay24 plugin version 1.5 and earlier does not sufficiently filter or escape user supplied data used in database queries resulting in SQL injection vulnerabilities. This vulnerability allows attackers to extract information directly from the database.

Joomla Spider Calendar <= 3.2.6 SQL Injection

The 'calendar_id' and 'calendar' variables in Joomla Spider Calendar <= 3.2.6 are not sanitized, allowing for SQL injection attacks. An attacker can exploit this vulnerability by sending a specially crafted request to the affected website's 'index.php' file.

SonicMailer Pro <= 3.2.3 (index.php) Remote Blind SQL Injection Exploit

This exploit allows an attacker to perform a blind SQL injection attack on SonicMailer Pro version 3.2.3. By exploiting this vulnerability, the attacker can retrieve the usernames and passwords of the administrators of the SonicMailer Pro application.

Cross-Site Scripting Vulnerability in NuSOAP

The NuSOAP library fails to properly sanitize user-supplied data, leading to a cross-site scripting vulnerability. An attacker can exploit this vulnerability to execute arbitrary script code in the browser of a victim user, potentially leading to theft of authentication credentials and other attacks.

SQL Injection vulnerability in CMS WebManager-Pro

The CMS WebManager-Pro is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Cross-Site Scripting Vulnerability in OneCMS

The OneCMS application fails to properly sanitize user-supplied data, leading to a cross-site scripting vulnerability. An attacker can exploit this vulnerability by injecting arbitrary script code into the browser of an unsuspecting user, potentially allowing the attacker to steal authentication credentials and launch further attacks.

Cross-Site Scripting and HTML-Injection Vulnerabilities in ArtGK CMS

ArtGK CMS is prone to a cross-site scripting vulnerability and an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

Top Auction 1.0 (viewcat.php) Remote Blind SQL Injection Exploit

This exploit takes advantage of a blind SQL injection vulnerability in Top Auction 1.0's viewcat.php script. By manipulating the 'category' parameter, an attacker can execute arbitrary SQL queries and retrieve sensitive information from the database, such as usernames and passwords.

Rumba XML HTML-injection vulnerabilities

Rumba XML is prone to multiple HTML-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

Recent Exploits: