header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

Local File Inclusion Vulnerability in phpMyAdmin 2.6.4-pl1

A local file inclusion vulnerability exists in phpMyAdmin 2.6.4-pl1. An attacker can exploit this vulnerability to include arbitrary files from the local system, which can lead to remote code execution. The vulnerability is due to insufficient sanitization of user-supplied input to the 'usesubform[1]' and 'usesubform[2]' parameters in the 'grab_globals.lib.php' script.

Cyphor 0.19 SQL Injection/board takeover

Cyphor 0.19 (possibly prior versions) is vulnerable to SQL injection and board takeover. This exploit requires the attacker to make changes in php.ini such as allow_call_time_pass_reference = on and register_globals = on. The attacker can then launch the script from Apache, fill the requested fields, and send themselves any user/admin password.

Virtools <= 3.0.0.100 buffer-overflow and directory traversal bugs

Virtools is prone to a buffer-overflow and directory traversal vulnerability. An attacker can exploit these issues to execute arbitrary code in the context of the application or to access sensitive information. Successful exploits may allow attackers to gain unauthorized access.

Microsoft Internet Explorer Long Escape() Buffer Overflow

Georgi Guninski discovered a buffer overflow in Microsoft Internet Explorer. The vulnerability is caused due to an error in the handling of overly long escape() strings. This can be exploited to cause a stack-based buffer overflow via a malicious web page.

RealPlayer and Helix Player Remote Format String Exploit

There is a remotly exploitable format string vulnerability in the latest Helix Media Player suit that will allow an attacker the possibility to execute malicious code on a victims computer. The exploit code will execute a remote shell under the permissions of the user running the media player, and effects all versions of RealPlayer and Helix Player. The bug is exploitable by abusing media, including .rp (relpix)and .rt (realtext) file formats.

FreeBSD Qpopper poppassd latest version local r00t exploit by kcope

This exploit takes advantage of a vulnerability in the Qpopper poppassd service on FreeBSD 5.4-RELEASE. It creates a malicious shared library and sets it in the /etc/libmap.conf file, which is then used by the poppassd service to gain root privileges.

Linux Qpopper poppassd latest version local r00t exploit by kcope

This exploit is a local privilege escalation vulnerability in the Linux Qpopper poppassd service. It allows a local user to gain root privileges by exploiting a flaw in the poppassd service. The exploit works by creating a shared library file with a malicious _init() function, which is then loaded by the poppassd service. This malicious library file then executes a setuid shell, which gives the user root privileges.

Recent Exploits: