header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

SQL Injection vulnerability in vtiger CRM

vtiger CRM is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Microsoft Office Word 2007 – RTF Object Confusion ASLR and DEP bypass

This exploit allows an attacker to bypass ASLR and DEP protections in Microsoft Office Word 2007. The exploit takes advantage of a confusion in the RTF object handling. The attacker can execute arbitrary code, such as a Windows message box, on the target machine.

SonicWall NSA 4500 HTML-injection and Session-hijacking Vulnerabilities

Exploiting these issues can allow an attacker to hijack a user's session and gain unauthorized access to the affected application, or run malicious HTML or JavaScript code, potentially allowing the attacker to steal cookie-based authentication credentials, and control how the site is rendered to the user; other attacks are also possible.

Multiple Cross-Site Scripting Vulnerabilities in vtiger CRM

The vtiger CRM software is prone to multiple cross-site scripting vulnerabilities due to insufficient sanitization of user-supplied input. An attacker can exploit these vulnerabilities to execute arbitrary script code in the context of the affected site, potentially leading to the theft of authentication credentials and other malicious activities.

Cross-Site Scripting Vulnerabilities in vtiger CRM

vtiger CRM is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Cross-Site Scripting Vulnerability in Phorum

Phorum is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

XOOPS Module Core (viewcat.php) Remote BLIND SQL Injection Exploit

This exploit allows an attacker to perform a blind SQL injection attack on the XOOPS Module Core's viewcat.php script. By manipulating the 'cid' parameter, the attacker can extract sensitive information from the database, such as usernames and passwords.

Recent Exploits: