header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

awcm v2.2 final Local File Inclusion

The AWCM v2.2 CMS is vulnerable to Local File Inclusion. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'awcm_theme' and 'awcm_lang' cookie parameters in the 'header.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request with malicious cookie values to the vulnerable script. This can allow the attacker to read arbitrary files from the server.

PHPDirector Game Edition (game.php) Sql Injection Vulnerability

An attacker can exploit a SQL injection vulnerability in PHPDirector Game Edition (game.php) to gain access to the admin panel. The attacker can use the following URL to inject malicious SQL code: www.site.com/games.php?id=null[Sql Injection] www.site.com/games.php?id=null+and+1=2+union+select+1,group_concat(id,0x3a,user,0x3a,pass),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17+from+pp_user. The admin panel can be accessed at www.site.com/admin/login.php.

AB WEB CMS V.1.35 Multiple Remote Vulnerabilities

AB WEB CMS version 1.35 is vulnerable to multiple remote vulnerabilities. The vulnerabilities are caused due to the improper validation of user-supplied input in the 'index.php' script. This can be exploited to execute arbitrary PHP code by sending a specially crafted HTTP request to the vulnerable script.

Exploit Integer Overflow Opera Web Browser 11.00

This exploit is only a Denial of Service in opera web browser. It creates a poc using heap spray that allow code execution, but the author does not post it because it can be used for evil. The exploit creates a HTML file with a select tag containing a large number of option tags with the same content. This causes an integer overflow in the program, leading to a Denial of Service.

Sun Microsystems SunScreen Firewall Root Exploit

The SunScreen Firewall can be administrated remotely via a java protocol service which is running on port 3858 on a SunOS machine. This Java Service contains numerous buffer overruns (2 of which I am aware of). Furthermore it is possible to execute arbitrary code if an attacker manages to upload a file onto the target system. As you can see in the following java exploit code the environment is not properly sanitized prior to executing shell scripts as root, thus one can use the LD technique to preload binaries or even easier modify the PATH variable to forge the ´cat´ binary (which is executed by lib/screenname) to be executed in a different place. This can be exploited locally - remotely especially if anonymous ftp uploads are possible or any other file transfer protocol is activated. Uploading a file via the line printer daemon might also be possible.

Automated Solutions Modbus/TCP OPC Server Remote Heap Corruption PoC

A specially crafted length field in a MODBUS packet header can trigger heap corruption. So basically memset(edi,eax,ecx). We control ecx, so we have control over the number of dwords it writes in the heap buffer. But, as you can see, the dwords themselves are not controllable, they are NULL. However, we can still write past the bounds of the allocated chunk of memory. Although it seems unlikely code execution could result, it is still possible to write data past the memory allocated on a heap (0x350000) available in the server process. This code works by setting up a fake channel and accepting a connection. To trigger this vulnerability, the server simply needs to initiate communication (monitor mode would be ideal) with this fake channel and the results depend on the response you choose.

PHP Link Directory v4.1.0 CSRF Vulnerability (Add Admin)

PHP Link Directory v4.1.0 is vulnerable to CSRF which allows an attacker to add an admin user to the application. The attacker can craft a malicious HTML page containing a form with hidden fields that when visited by an authenticated user, will submit the form and add an admin user to the application.

CultBooking 2.0.4 (lang) Local File Inclusion Vulnerability

CultBooking suffers from a local file inlcusion/disclosure (LFI/FD) vulnerability when input passed thru the 'lang' parameter to cultbooking.php script is not properly verified before being used to include files. This can be exploited to include files from local resources with directory traversal attacks and URL encoded NULL bytes.

Recent Exploits: