header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

FreeWebshop <= 2.2.9 R2 (ajax_save_name.php) Remote Code Execution Exploit

The vulnerable code is in the ajax_save_name.php file of FreeWebshop version 2.2.9 R2. The code allows an attacker to manipulate the $selectedDocuments array, which is then displayed at line 50. This manipulation can lead to remote code execution.

Aviosoft Digital TV Player Professional 1.0 Stack Buffer Overflow

This module exploits a vulnerability found in Aviosoft Digital TV Player Pro version 1.x. An overflow occurs when the process copies the content of a playlist file on to the stack, which may result in arbitrary code execution under the context of the user.

LabWiki <= 1.1 Multiple Vulnerabilities

LabWiki <= 1.1 is affected by multiple vulnerabilities, including a shell upload vulnerability and multiple cross-site scripting vulnerabilities. The shell upload vulnerability allows an attacker to upload a malicious file disguised as an image. The cross-site scripting vulnerabilities allow an attacker to inject and execute arbitrary scripts on the LabWiki web pages.

Aviosoft Digital TV Player Professional 1.x Stack Buffer Overflow

This exploit allows an attacker to execute arbitrary code by sending a specially crafted playlist file to Aviosoft Digital TV Player Professional 1.x. The exploit takes advantage of a stack buffer overflow vulnerability in the software.

Oracle Hyperion Strategic Finance Client 12.x Tidestone Formula One WorkBook OLE Control TTF16 (6.3.5 Build 1) SetDevNames() Remote Heap Overflow poc

This is a proof of concept exploit for a remote heap overflow vulnerability in the Oracle Hyperion Strategic Finance Client 12.x Tidestone Formula One WorkBook OLE Control TTF16 (6.3.5 Build 1). The vulnerability can be triggered by calling the SetDevNames() function. The exploit is 99% stable and does not require DEP (Data Execution Prevention) to be enabled. The vulnerability may also affect other products, but version 6.1 seems to be not vulnerable. More details about the exploit can be found at the provided link.

Ajax File and Image Manager v1.0 Final Remote Code Execution Vulnerability

The vulnerable code is located in /ajaxfilemanager/ajax_create_folder.php. The script starts output buffering at line 11 and then calls the 'displayArray' function to display the $_POST array content. At line 13, the 'writeInfo' function is called with the current buffer content as a parameter. The 'writeInfo' function writes the parameter data into a file called 'data.php' without any check, allowing an attacker to inject and execute arbitrary PHP code.

Recent Exploits: