Explore Vulnerabilities

Explore all Exploits:

Multiple Vulnerabilities in WebCalendar

Multiple remote vulnerabilities are reported to exist in WebCalendar. Multiple cross-site scripting vulnerabilities, an HTTP response splitting vulnerability, and two authentication bypass vulnerabilities are reported to exist in many different scripts in the affected application.

Multiple Vulnerabilities in Image Handling Functionality in Browsers

Vulnerabilities in how browsers handle images loaded through the <IMG> tag can allow remote attackers to determine the existence of local files, cause a denial of service condition, and disclose passwords for Windows systems via file shares.

Local Resource Enumeration Vulnerability in Microsoft Internet Explorer

Microsoft Internet Explorer is reported prone to a local resource enumeration vulnerability. It is reported that the vulnerability exists because when handling 'res://' requests for local resources, Internet Explorer behavior may reveal the existence of local files. An attacker may employ information that is harvested in this manner to aid in further attacks that are launched against a target computer.

Multiple Denial of Service Vulnerabilities in 602 LAN SUITE

602 LAN SUITE is prone to multiple remote denial of service vulnerabilities. The first vulnerability allows an attacker to consume CPU and memory resources on a target server due to a lack of sanity checking before memory allocation. The second vulnerability is in the handling of telnet proxy requests: the proxy does not perform sufficient sanity checks on the destination IP, allowing a remote attacker to exhaust all available sockets on the target computer.

ScanMail for Domino Sensitive Configuration File Disclosure Vulnerability

ScanMail for Domino is prone to a vulnerability that may allow sensitive configuration files to be disclosed to remote attackers. A successful attack may allow an attacker to disclose sensitive information and disable antivirus protection on a gateway, allowing potentially malicious email messages to reach internal users. This issue may result in a malicious code infection.

Lithtech Game Engine Multiple Format String Vulnerabilities

Lithtech game engine is prone to multiple remote format-string vulnerabilities because of incorrect usage of 'printf()'-type functions. Format specifiers can be supplied directly to vulnerable functions from external data. A denial-of-service condition arises when a vulnerable server handles a malformed request. Exploiting these issues may also allow an attacker to write to arbitrary process memory and potentially execute code. Any code executed through this vulnerability could potentially run with the privileges of the server.

TIPS MailPost Remote File Enumeration Vulnerability

The TIPS MailPost application is affected by a remote file enumeration vulnerability. This vulnerability arises due to the application's failure to properly sanitize user requests. An attacker can exploit this vulnerability to gain knowledge of the existence of files outside the Web root directory. By accessing the URL 'http://www.example.com/scripts/mailpost.exe/..%255c..%255c..%255cwinnt/system.ini?*nosend*=&email=test@procheckup.com', an attacker can enumerate the contents of the 'winnt/system.ini' file, which can then be used to facilitate further attacks.

MailPost Cross-Site Scripting Vulnerability

The MailPost application is prone to a cross-site scripting vulnerability. This allows an attacker to execute arbitrary HTML and script code in a user's browser by injecting malicious code through insufficiently sanitized user-supplied data. The vulnerability can be exploited to steal cookie-based authentication credentials or launch other attacks.

Klinza Professional CMS <= 5.0.1 Remote File Include Exploit

Klinza Professional CMS version 5.0.1 is affected by a remote file inclusion vulnerability in the show_hlp.php file. An attacker can exploit this vulnerability to include a remote file and execute arbitrary code on the target system.
