Latest Exploits:

by: Mirabbas Ağalarov
vendor: coppermine-gallery

coppermine-gallery 1.6.25 RCE

coppermine-gallery version 1.6.25 is vulnerable to a Remote Code Execution (RCE) attack. By uploading a specially crafted zip file containing a PHP file with malicious code, an attacker can execute arbitrary commands on the server. This can lead to unauthorized access, data leakage, and potential compromise of the entire system.

CVSS: 6.1 (HIGH)
CWE: RCE
Product Name: coppermine-gallery
Platforms Tested: Linux
Affected Version:
  From: v1.6.25
  To:
2023

by: nu11secur1ty
vendor: https://www.phpjabbers.com/

Limo Booking Software v1.0 – CORS

The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request that allows access from any domain. The application allowed access from the requested origin http://wioydcbiourl.com. Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache the response. This may enable an attacker to carry out cache poisoning attacks. The attacker can obtain some of the victim's software resources without the victim's knowledge.

CVSS: 6.1 (HIGH)
CWE: Cross-Origin Resource Sharing (CORS)
Product Name: Limo Booking Software
Platforms Tested:
Affected Version:
  From:
  To:
2023

by: LiquidWorm
vendor: Tinycontrol

Tinycontrol LAN Controller v3 (LK3) 1.58a – Remote Denial Of Service

The controller suffers from an unauthenticated remote denial of service vulnerability. An attacker can issue direct requests to the stm.cgi page to reboot the device and also reset it to factory settings.

CVSS:
CWE: Remote Denial Of Service
Product Name: Lan Controller
Platforms Tested: lwIP
Affected Version:
  From: <=1.58a, HW 3.8
  To:
2023

by: CraCkEr
vendor: Infosoftbd Solutions

Clcknshop 1.0.0 – SQL Injection

SQL injection attacks can allow unauthorized access to sensitive data and modification of data, and can crash the application or make it unavailable, leading to lost revenue and damage to a company's reputation.

CVSS: 8.1 (CRITICAL)
CWE: SQL Injection (89, 74, 707)
Product Name:
Platforms Tested: Windows 10 Pro
Affected Version:
  From: 1.0.0
  To: 1.0.0
2023