header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

Geany 0.18 Local File Overwrite Exploit

Geany 0.18 is vulnerable to a local file overwrite attack due to its lack of defense against symbolic links when writing the run script used for executing files after compilation. An attacker can create a symbolic link in the working directory, which can be used to overwrite an important file with the contents of the run script. This can be done by creating a symbolic link from /tmp/geany_run_script.sh to /home/linux/important, compiling a program with Geany, and executing the program with Geany.

Joomla Components com_recerca (ansubdepartments_id) SQL Injection Vulneralbility

This exploit is related to Joomla Components com_recerca (ansubdepartments_id) SQL Injection Vulnerability. It allows an attacker to extract data from the database by exploiting a vulnerability in the web application. The exploit uses a HTTP GET request to send malicious SQL queries to the database server and extract data from it.

DSECRG-09-048

Multiple security vulnerabilities have been identified with certain HP LaserJet printers, HP Color LaserJet printers and HP Digital Senders. The vulnerabilities could be exploited remotely by Cross Site Scripting (XSS). Multiple Linked Stored XSS vulnerabilities found in script support_param.html/config. Attacker can inject XSS in parameters 'Product_URL' and 'Tech_URL'. After applying support parameters configuration (parameter 'Apply') script code will inject in support page (support.htm).

httpdx web server 1.4 Remote Buffer Overflow

httpdx web server 1.4 is vulnerable to a remote buffer overflow using long GET requests such as http://www.example.com/aaa=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA... The vulnerability lies in httpdx_src/http.cpp in h_handlepeer() : strcpy(index,client->filereq). An exploit (0day) is provided which is tested with httpdx 1.4 on WinXP SP3.

Powered by Search Optics Automotive Internet Marketing

The vulnerability exists due to insufficient filtration of user-supplied data in the "viewID" parameter in the "inventory.php" script. A remote attacker can send a specially crafted request to the vulnerable script and execute arbitrary SQL commands in the application database. This can be exploited to bypass authentication and gain access to the application.

Directory Traversal, Cookie XSS, XSRF and LFI Vulnerabilities in Quick.Cart

Directory Traversal vulnerability can be exploited by appending a malicious file path to the URL. Cookie XSS vulnerability can be exploited by changing the cookie “sLogin” and inserting XSS code. XSRF vulnerability can be exploited by submitting a malicious form to the server. LFI vulnerability can be exploited by passing malicious parameters to the script.

EZRecipeZee CMS Remote File Inclusion

EZRecipeZee CMS is vulnerable to a Remote File Inclusion vulnerability. This vulnerability allows an attacker to include a remote file, usually through a malicious URL, and execute it on the vulnerable server. This can allow an attacker to gain access to the server and execute arbitrary code.

Recent Exploits: