header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

Sudo <= 1.6.9p18 local r00t exploit

This exploit allows a user to gain root privileges on a system running Sudo version 1.6.9p18 or earlier. The exploit requires a special configuration in the sudoers file, which allows environment variables to be preserved. The user must also know the password of the current user. The exploit is written in C and requires two files to be compiled and executed. The first file is a shared library which is loaded by sudo, and the second is a program which is executed by sudo. The shared library contains code which sets the user and group ID to 0, and then executes a shell script which creates a root shell.

SMBRELAY 3 – NTLM replay attack (version 1.0 ) public version

SMBRELAY 3 is a NTLM replay attack tool which allows an attacker to capture the NTLM challenge-response of a user and use it to authenticate as that user. It was released in 2008 by Andres Tarasco Acuña and is available for download from the URL http://tarasco.org/Web/tools.html. The exploit is available in the form of a zip file from the URL https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/7125.zip.

turnkeyforms Text Link Sales Remote Sql inj & xss

A vulnerability exists in turnkeyforms Text Link Sales, which allows an attacker to inject arbitrary SQL commands and execute XSS attacks. This is due to the lack of proper input validation of the 'id' parameter in the 'admin.php' script. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable script. This can allow an attacker to gain access to the database and execute arbitrary SQL commands.

GS-Real-Estate-Portal SQL Injection Vulnerability

A SQL injection vulnerability exists in GS-Real-Estate-Portal, which allows an attacker to execute arbitrary SQL commands via the 'show_board' parameter in the 'index.php' script. An attacker can exploit this vulnerability to gain access to sensitive information such as usernames and passwords stored in the database. The vulnerable code can be found in the 'index.php' script, where the 'show_board' parameter is not properly sanitized before being used in a SQL query. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL commands.

SlimCMS <= 1.0.0 (edit.php) Remote SQL Injection Exploit

A remote SQL injection vulnerability exists in SlimCMS version 1.0.0 and earlier. The vulnerability is due to insufficient sanitization of user-supplied input in the 'pageID' parameter of the 'edit.php' script. An attacker can exploit this vulnerability to inject and execute arbitrary SQL commands in the application's back-end database, allowing for the manipulation or disclosure of arbitrary data. This vulnerability can be exploited without authentication.

Turnkeyforms Text Link Sales Auth Bypass Vulnerability

Turnkeyforms Text Link Sales is prone to an authentication bypass vulnerability. This issue is due to a failure in the application to properly authenticate users. An attacker can exploit this issue to gain unauthorized access to the application and perform administrative actions; this may lead to other attacks.

Recent Exploits: