
Latest Exploits:

by: FULLSHADE, SC
vendor: PHPGurukul

Car Rental Project 1.0 – Remote Code Execution

Car Rental Project version 1.0 allows an attacker to upload arbitrary files due to lack of validation on file types during the image change operation. This can be exploited to upload malicious files and execute arbitrary commands on the server.

CVSS: 6.1 (HIGH)
Type: Arbitrary File Upload
CWE: 434
Product Name: Car Rental Project
Platforms Tested: Windows
Affected Version: From 1 To 1
2020
by: Metin Yunus Kandemir
vendor: ManageEngine

ManageEngine ADManager Plus Build < 7210 Elevation of Privilege Vulnerability

The vulnerability exists in ManageEngine ADManager Plus Build < 7210. A user with the 'Modify Computers' privilege in ADManager can alter attributes of computer objects in Active Directory, allowing them to set Constrained Kerberos Delegation and access services like CIFS, LDAP, and HOST services. This manipulation grants the user privileges they are not supposed to have, bypassing the normal restrictions.

CVSS: 6.1 (HIGH)
Type: Elevation of Privilege
CWE: 269
Product Name: ADManager Plus
Platforms Tested:
Affected Version: From Build < 7210 To Build 7210
2024
by: Ardayfio Samuel Nii Aryee
vendor: mhr3

Unzip-Stream 0.3.1 Arbitrary File Write

unzip-stream version 0.3.1 allows an attacker to write arbitrary files by manipulating the 'arcname' parameter, circumventing restrictions in Python's 'zipfile' module. By crafting a malicious ZIP file, an attacker can overwrite files on the target system. This vulnerability has been assigned CVE-2024-42471.

CVSS: 6.1 (HIGH)
Type: Arbitrary File Write
CWE: 73
Product Name: Unzip-Stream
Platforms Tested: Ubuntu
Affected Version: From 1.3 To 36586
2024
by: Leandro Dias Barata
vendor: Zabbix

Zabbix 7.0.0 – SQL Injection

The exploit allows an attacker to perform SQL injection through the 'selectRole' parameter in Zabbix version 7.0.0. This vulnerability is identified as CVE-2024-42327.

CVSS: 6.1 (HIGH)
Type: SQL Injection
CWE: 89
Product Name: Zabbix
Platforms Tested: Kali Linux
Affected Version: From 6.0.0 To 7.0.0
2024
by: Calil Khalil
vendor: Nagios

Nagiosxi Authenticated Remote Code Execution

Nagiosxi 5.6.6 allows authenticated remote attackers to execute arbitrary code by uploading a malicious check ping plugin. By exploiting this vulnerability, an attacker can gain unauthorized access to the target system.

CVSS: 8.1 (CRITICAL)
Type: Remote Code Execution
CWE: 94
Product Name: Nagiosxi
Platforms Tested: Ubuntu
Affected Version: From Nagios Xi 5.6.6 To Nagios Xi 5.6.6
2024