header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

EggAvatar for vBulletin 3.8.x local file read

EggAvatar is a plugin for vBulletin 3.8.x which allows an attacker to read any file on the server by exploiting a vulnerability in the eggavatar.php file. The vulnerability is caused due to the improper validation of user-supplied input in the 'old' parameter of the 'eggavatar.php' script. This can be exploited to read any file on the server with the privileges of the webserver.

KingView 6.5.3 SCADA ActiveX

This exploit is for KingView 6.5.3 SCADA ActiveX. It uses a heap overflow vulnerability to execute arbitrary code. The exploit code creates a malicious ActiveX object with a specially crafted argument. This argument contains a NSEH and SEH handler, followed by a NOP sled and shellcode. The shellcode is responsible for executing calc.exe. The exploit was tested on Windows XP SP3 running on VMware Fusion 3.1 and VirtualBox 3.2.8.

Bacula-web 1.3.x – 5.0.3 Multiple Remote Vulnerabilities

Bacula-web is affected by cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. It is also affected by blind SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Citrix Access Gateway Command Execution

The Citrix Access Gateway provides support for multiple authentication types. When utilizing the external legacy NTLM authentication module known as ntlm_authenticator the Access Gateway spawns the Samba 'samedit' command line utility to verify a user's identity and password. By embedding shell metacharacters in the web authentication form it is possible to execute arbitrary commands on the Access Gateway.

CakePHP <= 1.3.5 / 1.2.8 Cache Corruption Exploit

CakePHP is a popular PHP framework for building web applications. The Security component of CakePHP is vulnerable to an unserialize attack which could be abused to allow unauthenticated attackers to execute arbitrary code with the permissions of the webserver.

Recent Exploits: