header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

WebfolioCMS <= 1.1.4 CSRF (Add Admin/Modify Pages)

WebfolioCMS 1.1.4 (and lower) is affected by a CSRF Vulnerability which allows an attacker to add a new administrator, modify web pages, and change other WebfolioCMS parameters. The exploit demonstrates how to add an administrator account and modify existing and published web pages.

Sysax Multi Server <= 5.52 File Rename BoF RCE (Egghunter)

This exploit allows remote code execution through a buffer overflow vulnerability in Sysax Multi Server version 5.52 and below. It utilizes an egghunter technique to bypass DEP (Data Execution Prevention). The vulnerability was discovered by Craig Freyman (@cd1zz) and detailed information can be found at http://www.pwnag3.com/2012/02/sysax-multi-server-552-file-rename.html.

PeerBlock 1.1 BSOD

The PoC (Proof of Concept) allows an attacker to create a blue screen of death (BSOD) on systems running PeerBlock 1.1. The vulnerability is caused by a buffer overflow in the pbfilter.sys driver. By sending a specially crafted IOCTL request to the driver, an attacker can trigger the buffer overflow and crash the system, resulting in a BSOD. The vulnerability has been tested on Microsoft Windows XP Professional SP3.

Ananta Gazelle CMS – Update Statement Sql injection

This SQL injection vulnerability allows an attacker to update the username and password of the admin user in Ananta Gazelle CMS. The vulnerability is present in the 'forgot.php' page, where the user can submit a form to set a new activation key for their account. The vulnerable code does not properly sanitize the user input, allowing the attacker to modify the SQL query and set arbitrary values for the admin username and password. The vulnerability can be exploited by sending a specially crafted POST request to the 'forgot.php' page with the desired values for the username and password. The exploit changes the username to '1' and the password to '1' by copying the value of a default column in the 'users' table. This allows the attacker to gain administrative access to the CMS.

Recent Exploits: