header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

PoC to crash the server

This is a Proof of Concept (PoC) code that can crash the MyServer 0.7.1 POST server. The exploit sends a POST request to the server with a specially crafted payload that consists of a long string of characters. This payload is designed to cause the server to crash or become unresponsive. The vulnerability allows an attacker to disrupt the normal functioning of the server, potentially leading to service downtime or denial of service.

Acidcat CMS Multiple Vulnerabilities

There are multiple vulnerabilities in Acidcat CMS including SQL Injection, logical vulnerability, XSS, and file upload vulnerability. These vulnerabilities can allow an attacker to gain usernames and encrypted passwords, send emails without permission, login to the site, execute XSS attacks, and upload files.

GOM Player 2.3.90.5360 – Remote Code Execution (RCE)

The IE component in the GOM Player's interface uses an insecure HTTP connection. Since IE is vulnerable to the SMB/WebDAV+ 'search-ms' technique, we can redirect the victim to the page we created with DNS spoofing and execute code on the target. In addition, the URL+ZIP+VBS MoTW bypass technique was used to prevent the victim from seeing any warning in the pop-up window.

EuroTel ETL3100 – Transmitter Authorization Bypass (IDOR)

The application is vulnerable to insecure direct object references that occur when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability, attackers can bypass authorization and access the hidden resources on the system and execute privileged functionalities.

EuroTel ETL3100 Transmitter Default Credentials

The TV and FM transmitter uses a weak set of default administrative credentials that can be guessed in remote password attacks and gain full control of the system.

Recent Exploits: