Latest Exploits:

by: Ahmet Ümit BAYRAM
vendor: RDPGuard

RDPGuard 9.9.9 – Privilege Escalation

RDPGuard 9.9.9 allows privilege escalation by executing arbitrary code via a crafted .bat file in the Tools > Custom Actions / Notifications menu, leading to a reverse shell as NT AUTHORITY\SYSTEM.

CVSS: 6.1 (HIGH)
Privilege Escalation
CWE: 269
Product Name: RDPGuard
Platforms Tested: Windows 10 (32bit)
Affected Version
From:
9.9.2009
To:
9.9.2009
2025
by: Al Baradi Joy
vendor: YesWiki

YesWiki Unauthenticated Path Traversal

YesWiki before 4.5.2 allows unauthenticated path traversal via the 'squelette' parameter. An attacker can exploit this to read arbitrary files on the server, like /etc/passwd.

CVSS: 7.1 (HIGH)
Unauthenticated Path Traversal (LFI)
CWE: 22
Product Name: YesWiki
Platforms Tested: Ubuntu 22.04
Affected Version
From:
< 4.5.2
To:
4.5.2001
2025
by: Gjoko 'LiquidWorm' Krstic
vendor: ABB Ltd.

ABB Cylon Aspect 3.08.02 Stored Cross-Site Scripting Vulnerability

The ABB Cylon Aspect BMS/BAS controller in versions <=3.08.02 is vulnerable to an authenticated stored cross-site scripting (XSS) flaw. An attacker can upload a malicious .txt file containing an XSS payload; once stored on the server, the file can be served back to users. By injecting client-side scripts, attackers can execute arbitrary code in the context of any user accessing the infected file or the related web page (license.php). Bypassing file upload checks requires including the Variant string in the request.

CVSS: 6.1 (HIGH)
Stored Cross-Site Scripting
CWE: 79
Product Name: ABB Cylon Aspect
Platforms Tested: GNU/Linux, Intel Processors, PHP, AspectFT Automation Application Server, lighttpd, Apache, OpenJDK, ErgoTech MIX Deployment Server
Affected Version
From:
NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio <=3.08.02
To:
2021
by: Abdualhadi khalifa
vendor: Apache

Apache ActiveMQ 6.1.6 – Denial of Service (DOS)

Apache ActiveMQ version 6.1.6 is prone to a Denial of Service (DoS) vulnerability. An attacker can exploit this vulnerability by sending specially crafted requests to the server, causing it to become unresponsive or crash.

CVSS: 6.1 (HIGH)
Denial of Service (DOS)
CWE: 400
Product Name: ActiveMQ
Platforms Tested:
Affected Version
From:
6.1
To:
38723
2025
by: Giorgi Dograshvili [DRAGOWN]
vendor: GeoVision

GeoVision GV-ASManager 6.1.1.0 – CSRF

A CSRF vulnerability exists in GeoVision GV-ASManager web application version 6.1.1.0 or earlier, enabling attackers to create Admin accounts via a crafted GET request. This exploit is often combined with CVE-2024-56903 for a successful CSRF attack.

CVSS: 6.1 (HIGH)
Cross-Site Request Forgery (CSRF)
CWE: 352
Product Name: GV-ASManager
Platforms Tested: Windows 10, Kali Linux
Affected Version
From:
6.1.1.0
To:
6.1.1.0
2025