header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

Show More

Visual Basic Enterprise Edition SP6 vb6skit.dll Buffer Overflow

vb6stkit.dll is a module that contains application programming interface (API) functions that enable Visual Basic applications to create shortcuts (Shell Links) programmatically. In this poc we will create a form containing an overly long string that we pass to the third parameter (lpstrLinkPath) to own EIP. Arbitrary code execution is possible but today I drank a lot of wine therefore I was unable to write an exploit :-D

N/A
CVSS
N/A
Buffer Overflow
CWE
Product Name
Visual Basic Enterprise Edition SP6
Platforms Tested
Affected Version
From:
To:
Unknown
Show More

Traindepot 0.1 (LFI/XSS) Multiple Remote Vulnerabilities

Traindepot 0.1 is vulnerable to LFI and XSS attacks. The LFI vulnerability allows an attacker to include arbitrary local files, potentially leading to sensitive information disclosure or remote code execution. The XSS vulnerability allows an attacker to inject malicious scripts into the application, potentially leading to session hijacking or defacement of the website.

7.5
CVSS
HIGH
Local File Inclusion (LFI), Cross-Site Scripting (XSS)
CWE
Product Name
Traindepot
Platforms Tested
Affected Version
From:
Traindepot 0.1
To:
Traindepot 0.1
2008
Show More

WebCalendar v1.0.4 Remote File Include

This exploit allows an attacker to include remote files in the WebCalendar v1.0.4 application. The vulnerability is triggered by the 'includedir' parameter in the 'send_reminders.php' file. By manipulating this parameter, an attacker can include a malicious file hosted on a remote server.

5.5
CVSS
MEDIUM
Remote File Inclusion
98
CWE
Product Name
WebCalendar
Platforms Tested
Affected Version
From:
1.0.4
To:
1.0.4
2008
Show More

MS04-032 Microsoft Windows XP Metafile (.emf) Heap Overflow

This exploit targets a vulnerability in the Windows Metafile (WMF) and Enhanced Windows Metafile (EMF) formats. It can be triggered by either viewing a malicious file or by navigating to a directory containing a malicious file that is displayed as a thumbnail. The vulnerability is related to a graphics rendering engine vulnerability (CAN-2004-0209). The exploit has been tested on Internet Explorer 6.0 (SP1), Explorer, and Windows XP SP1.

7.5
CVSS
HIGH
Heap Overflow
CWE
Product Name
Windows XP
Platforms Tested
Internet Explorer 6.0 (SP1), Explorer, Windows XP SP1
Affected Version
From:
Windows XP SP1
To:
2004

Recent Exploits:

RDPGuard 9.9.9 – Privilege Escalation

author
Ahmet Ümit BAYRAM
vendor
RDPGuard
severity
6.1
HIGH

YesWiki Unauthenticated Path Traversal

author
Al Baradi Joy
vendor
YesWiki
severity
7.1
HIGH

ABB Cylon Aspect 3.08.02 Stored Cross-Site Scripting Vulnerability

author
Gjoko 'LiquidWorm' Krstic
vendor
ABB Ltd.
severity
6.1
HIGH

Apache ActiveMQ 6.1.6 – Denial of Service (DOS)

author
Abdualhadi khalifa
vendor
Apache
severity
6.1
HIGH

GeoVision GV-ASManager 6.1.1.0 – CSRF

author
Giorgi Dograshvili [DRAGOWN]
vendor
GeoVision
severity
6.1
HIGH

ABB Cylon FLXeon 9.3.4 WebSocket Command Spawning Vulnerability

author
Zero Science Lab
vendor
ABB Ltd.
severity
6.1
HIGH

GestioIP 3.5.7 – Stored Cross-Site Scripting Vulnerability

author
m4xth0r (Maximiliano Belino)
vendor
GestioIP
severity
6.1
HIGH

Cacti 1.2.26 – Remote Code Execution (RCE) (Authenticated)

author
D3Ext
vendor
Cacti
severity
6.1
HIGH

Exclusive Addons for Elementor ≤ 2.6.9 – Authenticated Stored Cross-Site Scripting (XSS)

author
Al Baradi Joy
vendor
exclusiveaddons
severity
5.1
MEDIUM

Kentico Xperience 13.0.178 – Cross Site Scripting (XSS)

author
Alex Messham
vendor
Kentico
severity
6.1
HIGH

Navigation

Suggest Exploit

Services By CQR