Explore Vulnerabilities

Explore all Exploits:

DATAC RealWin SCADA Server 2 On_FC_CONNECT_FCS_a_FILE Buffer Overflow

This module exploits a vulnerability found in DATAC Control International RealWin SCADA Server 2.1 and below. By supplying a specially crafted On_FC_BINFILE_FCS_*FILE packet via port 910, RealWin will try to create a file (which would be saved to C:\Program Files\DATAC\Real Win\RW-version\filename) by first copying the user-supplied filename with an inline memcpy routine without proper bounds checking, which results in a stack-based buffer overflow, allowing arbitrary remote code execution. Tested version: 2.0 (Build 6.1.8.10)

SUBRION CMS multiple vulnerabilities

There are multiple vulnerabilities in Subrion CMS. The first vulnerability allows attackers to bypass authentication and gain access to the admin panel using a specific username and password. The second vulnerability is a persistent XSS vulnerability in the title field of the Poll module and Manage pages. Attackers can inject malicious code into the title field, which will be executed when the page is viewed by other users. Additionally, other products like Auto Classifieds, Articles Script, Real estate script, and Web directory that run on the same CMS are also vulnerable.

The KMPlayer 3.0.0.1440 .mp3 Buffer Overflow Exploit (Win7 + ASLR bypass)

This exploit takes advantage of a buffer overflow vulnerability in The KMPlayer version 3.0.0.1440. It specifically bypasses the ASLR protection on Windows 7. The exploit is in the form of a specially crafted .mp3 file that triggers the buffer overflow when opened in the vulnerable software.

Pacer Edition CMS 2.1 (rm) Remote Arbitrary File Deletion Exploit

Input passed to the 'rm' parameter in modules/code/syntax_check.php is not properly sanitised before being used to delete files. This can be exploited to delete files with the permissions of the web server via directory traversal sequences passed within the 'rm' parameter.

7-Technologies IGSS 9 IGSSdataServer .RMS Rename Buffer Overflow

This module exploits a vulnerability found in 7-Technologies IGSS 9. By supplying a long string of data to the 'Rename' (0x02), 'Delete' (0x03), or 'Add' (0x04) command, a buffer overflow condition occurs in IGSSdataServer.exe while handling an RMS report, which results in arbitrary code execution under the context of the user. The attack is carried out in three stages. The first stage sends the final payload to IGSSdataServer.exe, which will remain in memory. The second stage sends the Add command so the process can find a valid ID for the Rename command. The last stage then triggers the vulnerability with the Rename command, and uses an egghunter to search for the shellcode that we sent in stage 1. The use of an egghunter appears to be necessary due to the small buffer size, which cannot even contain our ROP chain and the final payload.

Xitami Web Server 2.5 Remote Buffer Overflow (Egghunter)

This exploit targets Xitami Web Server 2.5 and utilizes a remote buffer overflow vulnerability. The exploit sends a payload to the target server and checks for a shell on port 1337. Once the shell is established, the attacker gains control of the target system.
