Explore Vulnerabilities

Explore all Exploits:

Unauthenticated Remote Code Evaluation in Dolibarr ERP CRM =<7.0.3

This exploit allows an attacker to execute arbitrary code remotely without authentication in Dolibarr ERP CRM version 7.0.3 or below. By manipulating the 'db_name' parameter in the 'step1.php' page during the installation process, an attacker can inject malicious code and gain unauthorized access to the system.

Joomla com_wmtgallery Remote File Include

This exploit allows remote attackers to include arbitrary files on a vulnerable Joomla component called com_wmtgallery. The vulnerability is caused by the insecure handling of the 'mosConfig_live_site' parameter in the 'admin.wmtgallery.php' file. By manipulating the 'mosConfig_live_site' parameter, an attacker can include a remote file and potentially execute arbitrary code on the server.

Geutebruck simple_loglistjs.cgi Remote Command Execution

This module exploits an arbitrary command execution vulnerability. The vulnerability exists in the /uapi-cgi/viewer/simple_loglistjs.cgi page and allows an anonymous user to execute arbitrary commands with root privileges. Firmware versions <= 1.12.0.19 are affected. Tested on 5.02024 G-Cam/EFD-2250 running 1.12.0.4 firmware.

Foxit Reader Remote Code Execution Exploit

This exploit allows remote code execution in Foxit Reader. It leverages vulnerabilities CVE-2018-9948 and CVE-2018-9958. The exploit is written in JavaScript and has been tested on Windows 7 Ultimate x86 and Windows 10 Pro x86 v1803. The target version is Foxit Reader v9.0.1.1049. The exploit code can be found at https://srcincite.io/blog/2018/06/22/foxes-among-us-foxit-reader-vulnerability-discovery-and-exploitation.html.

Ecessa WANWorx WVR-30 < 10.7.4 - Cross-Site Request Forgery (Add Superuser)

The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.

Recent Exploits: