header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

Cross-Site Scripting vulnerability in Adobe ColdFusion

Adobe ColdFusion is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.An attacker could exploit this vulnerability to execute arbitrary script code in the context of the affected website. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Code Widgets Multiple Question – Multiple Choice Online Questionaire SQL Injection Vulnerability

The Code Widgets Multiple Question - Multiple Choice Online Questionaire is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

SQL Injection in Code Widgets DataBound Collapsible Menu

Code Widgets DataBound Collapsible Menu is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Code Widgets DataBound Index Style Menu SQL Injection Vulnerability

The Code Widgets DataBound Index Style Menu is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Code Widgets Online Job Application SQL Injection Vulnerabilities

The Code Widgets Online Job Application is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. The vulnerability can be exploited by using a specially crafted input such as ' or 1=1 or ''=' for the username and password fields.

RCE in PATCH requests in Spring Data REST

This exploit targets a vulnerability in Spring Data REST that allows remote code execution (RCE) through malicious PATCH requests. The vulnerability affects Spring Data REST versions prior to 2.6.9 (Ingalls SR9) and 3.0.1 (Kay SR1). By exploiting this vulnerability, an attacker can execute arbitrary code on the server.

Prisma Industriale Checkweigher PrismaWEB 1.21 Authentication Bypass

The vulnerability exists due to the disclosure of hard-coded credentials allowing an attacker to effectively bypass authentication of PrismaWEB with administrator privileges. The credentials can be disclosed by simply navigating to the login_par.js JavaScript page that holds the username and password for the management interface that are being used via the Login() function in /scripts/functions_cookie.js script.

Recent Exploits: