header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

WordPress <= 2.8.5 Unrestricted File Upload Arbitrary PHP Code Execution

Wordpress allows authorised users to add an attachment to a blog post. It does not sanitize provided file properly before moving it to an uploads directory. An attacker can upload a malicious PHP file with a double extension (e.g. file.php.jpg) and execute arbitrary code on the server.

ToutVirtual VirtualIQ Pro Multiple Vulnerabilities

Multiple vulnerabilities has been found which a allow an attacker to conduct various XSS and CSRF attack, and other attacks due to the use of an old an not hardened version of the web server.

Quick Heal Local Privilege Escalation Vulnerability

Quick Heal installs the own program files with insecure permissions (Everyone: Full Control). Local attacker (unprivileged user) can replace some files (for example, executable files of Quick Heal services) by malicious file and execute arbitrary code with SYSTEM privileges.

PHP <=5.3 - preg_match() full path disclosure

There is a full path disclosure vulnerability concerning the preg_match() php function which allow attackers to gather the real path of the server side script. The preg_match() PHP function takes strings as parameters and will raise warnings when values that are passed are arrays rather then strings. To get the path of the current script, you simply need to pass the arguments as arrays rather then expected strings and then simply read the warning message generated by PHP to see the error including the full path of the current running script.

Advisory]PBBoard <=2.0.2 - Full Path Disclosure

Full Path Disclosure allows attackers to gather the real path of the server side script. Proof of concept: http://www.[xxxxx].com/path/index.php?page=new_topic&index=1&id=union and http://www.[xxxx].com/[path]/index.php?page=search&start=1&keyword=§ion=all&search=1

Palm Pre WebOS <=1.1 JavaScript Injection Attack

The Palm Pre WebOS <=1.1 suffers from a JavaScript injection attack that allows a malicious attacker to access any file on the mobile device. A specially crafted email can access any file on the Palm Pre WebOS version <=1.1 mobile device and send it to a web site of the attacker's choice just by viewing the email. The Palm Pre WebOS 1.1 and lower will parse and execute JavaScript contained in an email it receives. Exploiting this vulnerability allows an attacker to read/extract any file and post it to a remote website the attacker controls.

Recent Exploits: