Explore Vulnerabilities

Explore all Exploits:

Seditio CMS <= 121 Remote SQL Injection Exploit

This exploit performs remote SQL injection against Seditio CMS version 121 or below. Exploitation requires that the target server run MySQL version 4.1 or above with magic_quotes_gpc set to Off. The exploit retrieves the user's hash and cookie to log in as the user.

Fleet Manager hyvikk Shell Upload

You can upload a PHP shell file as a vehicle image. After the upload, the shell is saved in the /uploads/ folder with the id code. You can access the shell by going to http://localhost/delivery/public/vehicles/ and right-clicking on the recent 'php shell photo' you have uploaded.

WebED v0.0.9 (index.php) Remote File Disclosure Vulnerabilities

The vulnerability exists in the index.php file of WebED v0.0.9. The code in the file allows an attacker to read arbitrary files on the server by manipulating the 'Root' and 'Path' parameters in the URL. By including '../' in the parameters, an attacker can navigate to sensitive files such as '/etc/passwd'. This vulnerability can be exploited remotely.

Veeam ONE Reporter – Cross-Site Request Forgery (All Actions/Methods)

This exploit allows an attacker to perform various actions/methods on the Veeam ONE Reporter application. The exploit uses a form submission with a crafted payload to execute the desired action, such as deleting a dashboard. All methods in the application are vulnerable to this exploit.

Free Float FTP 1.0 “SIZE” Remote Buffer Overflow

This exploit targets a remote buffer overflow vulnerability in Free Float FTP 1.0. By sending a specially crafted "SIZE" command, an attacker can trigger a buffer overflow and potentially execute arbitrary code on the target system.

Web-MeetMe 3.0.3 Remote File Disclosure Vulnerability

Web-MeetMe 3.0.3 is vulnerable to remote file disclosure. An attacker can disclose sensitive files on the server, such as '/etc/passwd', by including malicious input in the 'roomNo' or 'bookid' parameters of the 'play.php' script. The vulnerability was discovered by Evil.Man.

Recent Exploits: