Suggest Exploit

Explore Vulnerabilities


Explore all Exploits:

Buffer Overflow Exploit in C Program

The C program contains a buffer overflow vulnerability due to improper input validation. By sending a specially crafted input, an attacker can overwrite the buffer boundaries and inject malicious code. This can lead to arbitrary code execution and potentially compromise the system. This vulnerability can be identified as CVE-2021-12345.

Electrolink FM/DAB/TV Transmitter (controlloLogin.js) Credentials Disclosure

Electrolink FM/DAB/TV Transmitter devices are prone to a credentials disclosure vulnerability. Attackers can exploit this issue to gain access to sensitive information such as login credentials. This vulnerability affects multiple versions of the Electrolink transmitters including Compact DAB Transmitter, Medium DAB Transmitter, High Power DAB Transmitter, Compact FM Transmitter, Modular FM Transmitter, Digital FM Transmitter, VHF TV Transmitter, and UHF TV Transmitter.

Windows Defender VBScript Detection Mitigation Bypass for TrojanWin32Powessere.G

Windows Defender usually blocks the execution of TrojanWin32Powessere.G, but a bypass using VBScript and ActiveX engine can allow the execution of malicious commands. By adding arbitrary text as the 2nd mshtml parameter, one can bypass the detection. For example, running rundll32 vbscript:"\\..\\mshtml\\..\\PWN\\..\\mshtml,RunHTMLApplication "+String(CreateObject("Wscript.Shell").Run("calc.exe"),0) can execute commands despite Windows Defender protection.

Electrolink FM/DAB/TV Transmitter Remote Authentication Bypass

An attacker can bypass authentication on Electrolink FM/DAB/TV Transmitter devices due to a lack of proper authentication mechanisms. This vulnerability affects various models and versions of Electrolink transmitters, allowing unauthorized access to the devices.

Wondercms 4.3.2 XSS to RCE

The exploit script allows an attacker to perform an XSS attack that leads to remote code execution on Wondercms version 4.3.2. By injecting a malicious script through a crafted link, the attacker can execute arbitrary commands on the server.

TPC-110W Remote Command Execution

The code snippet demonstrates a C program that establishes a socket connection to a remote device with IP address on port 8888. It then sends a command 'id' to the device, which is executed with root privileges. This vulnerability could be exploited by an attacker to remotely execute arbitrary commands on the target device.

Local File Inclusion in WordPress WP Rocket Plugin

The Local File Inclusion vulnerability in WordPress WP Rocket Plugin allows an attacker to include local files from the target website, potentially exposing sensitive information like database credentials and enabling a complete database takeover. This issue was fixed in version 2.10.4.

Recent Exploits: