header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

Stack-based Buffer Overflow in the NES Sound Format Demuxer

xine-lib <= 1.1.12 is prone to a stack-based buffer overflow in the NES Sound Format demuxer(demux_nsf.c). The vulnerability is caused due to a boundary error within the open_nsf_file() and demux_nsf_send_chunk() functions when handling a specially crafted NSF file. This can be exploited to cause a stack-based buffer overflow by e.g. tricking a user into opening a malicious NSF file. A proof-of-concept exploit is available.

Multiple Vulnerabilities in Carbon Communities forum

Carbon Communities is a high powered, fully scalable, and highly customizable online portal, message boards/ bulletin board, discussion hub, Private messaging, Event Calendars, Emails and chat software rolled into one. There is a SQL Injection in 'events.asp?id=[Injection]', 'getpassword.asp' and 'option_Update.asp'. By using it, attacker can gain usernames and passwords, send any password to his/her email address and update member info. There are some XSS in 'login.asp' and 'member_send.asp'.

BS.player 2.27 Build 959 SRT Buffer Overflow

A buffer overflow vulnerability was discovered in BS.player 2.27 Build 959. An attacker can exploit this vulnerability by renaming a movie.srt file with the name of the movie they like, which will cause a buffer overflow and allow the attacker to execute arbitrary code.

Lasernet CMS v1.5 Remote Sql Inj. Vuln.

Lasernet CMS v1.5 is vulnerable to a remote SQL injection vulnerability. An attacker can exploit this vulnerability to gain access to the database and execute arbitrary SQL commands. The vulnerable parameter is 'new' which is passed to the 'index.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL statements.

BigAnt Server Ver 2.2 PreAuth Remote SEH Overflow (0day)

BigAnt Server Ver 2.2 is vulnerable to a pre-authentication remote SEH overflow. The vulnerable process is AntServer.exe and the offset for SEH overwrite is 954 Bytes. An attacker can exploit this vulnerability by sending a specially crafted packet to the server, which will cause the SEH to be overwritten and allow arbitrary code execution.

Classifieds Caffe (index.php cat_id) Remote SQL Injection

Classifieds Caffe is prone to a remote SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this issue to manipulate SQL queries by injecting arbitrary SQL code. This may allow the attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.

Koobi Pro 6.25 poll Remote SQL Injection Vulnerability

An attacker can exploit this vulnerability by sending a crafted HTTP request to the vulnerable application. The crafted request contains a malicious SQL query in the 'poll_id' parameter of the 'index.php?p=poll&showresult=1' URL. This can allow an attacker to access sensitive information from the database.

Koobi CMS 4.3.0, 4.2.5, 4.2.4 Multiple Remote SQL Injection

Koobi CMS versions 4.3.0, 4.2.5, and 4.2.4 are vulnerable to multiple remote SQL injection attacks. An attacker can exploit this vulnerability to gain access to the admin data, such as email and password, by sending a malicious SQL query to the vulnerable parameter. The vulnerable parameters are 'galid' in the 'gallery' module, 'categ' in the 'links' and 'downloads' modules.

Recent Exploits: