header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

Alex News-engine (fckeditor) Arbitrary File Upload

A vulnerability exists in Alex News-engine (fckeditor) which allows an attacker to upload arbitrary files to the server. The vulnerability is due to the lack of proper authentication and authorization checks in the '/editors/FCKeditor/editor/filemanager/browser/default/connectors/php/connector.php?Command=FileUpload&Type=File&CurrentFolder=/' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable script and upload arbitrary files to the server.

Digital Security Research Group [DSecRG] Advisory #DSECRG-08-039

Pluck CMS has Local File Include vulnerability. Successful exploitation requires that "register_globals" is enabled. An example of the exploit is http://[server]/[installdir]/data/inc/lib/pcltar.lib.php?g_pcltar_lib_dir=../../../../../../../../../../../../../etc/passwd%00

Script: Musicbox Version 2.3.8 Remote SQL Injection Vulnerability

This vulnerability allows an attacker to inject malicious SQL code into the vulnerable application. In this case, the vulnerable application is Musicbox Version 2.3.8. The exploit code allows an attacker to extract usernames and passwords from the application's database.

noIPwn3r

noIPwn3r is an exploit for the DDNS noip-2.1.7 client for Linux. It is a buffer overflow exploit that takes advantage of the fact that the programmer blindly trusts the server response and copies static variables without size checking. This can be exploited with a poisoned DNS or a MITM attack.

Exodus v0.10 uri handler arbitrary parameter injection

It is possible to inject arbitrary command line parameters into Exodus v0.10, which can be used to overwrite arbitrary files or cause an infinite loop through multiple unhandled exceptions. This vulnerability affects Microsoft Windows systems.

Recent Exploits: