header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

Telepark Wiki Multiple Remote Vulnerabilities

There is an interesting vulnerability in the commenting system of the Telepark Wiki, even guests can comment in this wiki. The vulnerability is present in the /ajax/addComment.php file, where an attacker can upload a shell or execute remote commands. There is also a local file inclusion and admin password disclosure vulnerability present in the getjs.php, getcsslocal.php, and upload.php files. The vendor has patched all the vulnerabilities and the fixes can be seen in the “FIXED” section of the code.

HP Power Manager Administration Universal Buffer Overflow Exploit

HP Power Manager Administration Universal Buffer Overflow Exploit is a buffer overflow vulnerability that affects HP Power Manager Administration. It allows an attacker to execute arbitrary code on the vulnerable system by sending a specially crafted HTTP request. The vulnerability is caused due to a boundary error within the handling of HTTP requests. This can be exploited to cause a stack-based buffer overflow via an overly long, specially-crafted argument passed to the affected command.

Novell eDirectory 8.8 SP5 iConsole BOF

This exploit is for Novell eDirectory 8.8 SP5 iConsole. It was found by Hellcode Labs and the original POC was provided by SecurityFocus. It was coded by Matteo Memelli of Offensive Security. It is a buffer overflow exploit which uses Msf::Encoder::PexAlphaNum with a final size of 709 bytes. It uses a GET request to send the malicious payload to the vulnerable server.

Unauthenticated Access to Admin Page

This vulnerability allows an attacker to access the admin page without authentication. The attacker can pass parameters to the page and access the page without any authentication. The vulnerability can be patched by adding a line of code to check if the request URI contains the admin page and exit if it does.

Microsoft Windows SMBv2.0 Remote Code Execution Vulnerability

A remote code execution vulnerability exists in the Microsoft Server Message Block 2.0 (SMBv2) protocol due to improper handling of certain requests. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Cross-Site Scripting (XSS) in ReqWebHelp

Cross-Site Scripting (XSS) vulnerability in ReqWebHelp allows remote attackers to inject arbitrary web script or HTML via the operation parameter in workingSet.jsp, the searchWord parameter in searchView.jsp, the maxHits parameter in searchView.jsp, the scopedSearch parameter in searchView.jsp, and the scope parameter in searchView.jsp.

VBS Buffer Overflow

This exploit is a VBS Buffer Overflow vulnerability. It is caused by a lack of boundary checks when handling user-supplied input. This allows an attacker to overwrite the memory of the application, potentially leading to code execution. This vulnerability affects applications that use VBS and do not properly validate user-supplied input.

Recent Exploits: