header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

TCPDF library Universal POI Payload to Arbitrary File Deletion

A universal Object Injection payload for vulnerable PHP applications, which make use of TCPDF library, is here shared. The payload abuses the __destruct() magic method of the Tcpdf class defined in tcpdf.php and allows to arbitrary delete files on the filesystem.

Acoustica Pianissimo 1.0 Build 12 (Registration ID) Buffer Overflow PoC

The vulnerability is caused due to a boundary error in the processing of a user input in the registration id field of the registration procedure, which can be exploited to cause a buffer overflow when a user inserts long array of string for the ID. Successful exploitation could allow execution of arbitrary code on the affected machine.

Clickheat 1.13+ Unauthenticated RCE

I have discovered a vulnerability in Clickheat 1.13 onwards that would allow an attacker to execute arbitrary commands on the remote webserver, in the context of the user running the webserver, without authentication. This could lead to unauthenticated access to the Clickheat web application, and potentially complete takeover of the remote webserver. For the exploit to be successful, the webserver (Apache was tested in this case) must be configured to handle Perl (.pl) scripts and have the ExecCGI directive present in the VirtualHost configuration. The issue stems from a script called parseClickLogs.pl in the /scripts directory of clickheat. If the Apache configuration is setup as above, this script will be executed when a user visits /clickheat/scripts/parseClickLogs.pl, as shown in Apache logs. Arbitrary parameters can be supplied to the script directly from the URL, separated by +'s. In the script, on line 48 is a vulnerable open() command.

Sendio ESP Information Disclosure Vulnerability

The Sendio [1] ESP Web interface authenticates users with a session cookie named 'jsessionid'. The vulnerability [CVE-2014-0999] is caused due the way the Sendio ESP Web interface handles the session cookie. When a user logs in to the Web interface, the application generates a session cookie and stores it in the user's browser. This cookie is used to authenticate the user in subsequent requests. The vulnerability is caused because the application does not properly sanitize the session cookie when it is included in URLs. This allows an attacker to access the Web interface without authentication by using the session cookie of a valid user.

SQLi vulnerabilities in WordPress plugin “GigPress”

An authenticated SQL injection vulnerability exists in the WordPress plugin "GigPress" due to insufficient sanitization of user-supplied input in the "show_artist_id" parameter of the "admin/handlers.php" script. An attacker can exploit this vulnerability to execute arbitrary SQL commands in the application's back-end database.

Recent Exploits: