header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

Frigate 3.36 – Buffer Overflow (SEH)

This exploit allows an attacker to execute arbitrary code on a system running Frigate 3.36. By generating a specially crafted 'test.txt' file and copying its contents to the clipboard, an attacker can trigger a buffer overflow when pasting the contents into Frigate3's 'Find Computer' feature. This results in the execution of the Windows calculator application.

Outline Service 1.3.3 – ‘Outline Service’ Unquoted Service Path

A successful attempt would require the local user to be able to insert their code in the system root path undetected by the OS or other security applications where it could potentially be executed during application startup or reboot. If successful, the local user's code would execute with the elevated privileges of the application.

osTicket 1.14.1 – Persistent Authenticated Cross-Site Scripting

This vulnerability allows an attacker to inject malicious script into a vulnerable parameter named 'name' in the osTicket application, which can lead to the execution of arbitrary code in the context of the user's browser. By exploiting this vulnerability, an attacker can obtain the cookie information of the target user.

ChemInv 1.0 – Authenticated Persistent Cross-Site Scripting

ChemInv suffers from a persistent cross-site scripting vulnerability(XSS). This vulnerability can be exploited to have all users of the system, with read access to the project, execute malicious client-side code; every time the users views the 'Projects' or 'Add Chemicals' tab. The application's source code mitigates SQL injection (SQLi), but fails to sanitize HTML and JavaScript injections to the SQL database.

Tribisur <= 2.0 Remote SQL Injection Exploit

There are two vulnerabilities in the Tribisur <= 2.0 script. The first vulnerability is in the 'liste.php' file, which can be exploited by passing a specially crafted parameter. The second vulnerability is in the 'cat_main.php' file, which can also be exploited by passing a specially crafted parameter. Both vulnerabilities allow an attacker to execute arbitrary SQL queries.

Andrea ST Filters Service 1.0.64.7 – ‘Andrea ST Filters Service ‘ Unquoted Service Path

A successful attempt would require the local user to be able to insert their code in the system root path undetected by the OS or other security applications where it could potentially be executed during application startup or reboot. If successful, the local user's code would execute with the elevated privileges of the application.

Open-AudIT Professional 3.3.1 – Remote Code Execution

This exploit allows an attacker to execute arbitrary code remotely on an Open-AudIT Professional v3.3.1 server. By injecting a payload into the configuration settings, the attacker can gain control over the server and execute commands. The vulnerability is identified by CVE-2020-8813.

Recent Exploits: