Explore Vulnerabilities

Explore all Exploits:

JiRo's FAQ Manager v1.0 (index.asp) Remote SQL Injection Vulnerability

The vulnerability exists due to insufficient sanitization of user-supplied input passed via the 'tID' parameter to the '/index.asp' script. A remote attacker can send a specially crafted request to the vulnerable script and execute arbitrary SQL commands in the application's database, cause denial of service, access or modify sensitive data, exploit latent vulnerabilities in the underlying database and compromise the system.

?IXForum 1.12 <= "RepId" Remote SQL Injection

A remote SQL injection vulnerability exists in ?IXForum 1.12. An attacker can inject malicious SQL code through the 'RepId' parameter of the 'ReplyNew.asp' page and gain access to the admin panel of the application.

MaxDB WebDBM Database Parameter Overflow

This module exploits a stack buffer overflow in the MaxDB WebDBM service. By sending a specially crafted HTTP request that contains an overly long database name, a remote attacker could overflow a buffer and execute arbitrary code on the system with the privileges of the wahttp process. This module has been tested against MaxDB 7.6.00.16 and MaxDB 7.6.00.27.

KarjaSoft Sami FTP Server v2.02 USER Overflow

This module exploits the KarjaSoft Sami FTP Server version 2.02 by sending an excessively long USER string. The stack is overwritten when the administrator attempts to view the FTP logs. Therefore, this exploit is passive and requires end-user interaction. Keep this in mind when selecting payloads. When the server is restarted, it will re-execute the exploit until the logfile is manually deleted via the file system.

Recent Exploits: