header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

ArbitroWeb Cross-Site Scripting Vulnerability

ArbitroWeb is susceptible to a cross-site scripting vulnerability in its rawURL URI parameter. The URI parameter passed to 'index.php' called 'rawURL' contains the desired target for the proxy to connect to. This parameter is improperly sanitized, and may be used in a cross-site scripting attack. An attacker may craft a URI that contains malicious HTML or script code. If a victim user follows this link, the HTML contained in the affected URI parameter will be executed in the context of the vulnerable site. The attacker could use this vulnerability to steal cookie-based authentication credentials, or perform other types of attacks.

BT Voyager 2000 Wireless ADSL Router Sensitive Information Disclosure

The BT Voyager 2000 Wireless ADSL Router is prone to a sensitive information disclosure vulnerability. 'Public' SNMP MIB community strings, which are world-readable by default, contain sensitive information related to the internal protected network. This vulnerability can be exploited to collect data that can be used in further attacks against the victim network.

SqWebMail Email Header HTML Injection Vulnerability

An email header HTML injection vulnerability exists in SqWebMail due to improper sanitization of user-supplied email header strings. This allows an attacker to inject malicious HTML and script code into email headers, potentially leading to the exploitation of an unsuspecting user's cookie-based authentication credentials.

HTML Injection Vulnerability in DI-614+, DI-704, and DI-624 Routers

An attacker with access to the wireless or internal network segments of the DI-614+, DI-704, and DI-624 routers can craft malicious DHCP hostnames that, when sent to the router, will be logged and can cause unintended changes to the router's configuration. Other attacks may also be possible.

osTicket Remote Command Execution Vulnerability

osTicket is prone to a remote command execution vulnerability. Attachments submitted as part of a support ticket request are stored with a predictable name in a known web accessible location. An attacker can exploit this vulnerability by submitting a malicious attachment and executing arbitrary commands on the affected system.

TildeSlash Monit Buffer Overflow Vulnerability

This vulnerability allows an attacker to execute arbitrary code as the superuser, leading to unauthorized access and privilege escalation. The exploit takes advantage of the insecure handling of usernames in Basic Authentication information to control the execution instruction pointer (EIP) and execute the payload.

rlpr Multiple Vulnerabilities

The application rlpr is prone to multiple vulnerabilities that can allow a remote attacker to execute arbitrary code and gain unauthorized access. The vulnerabilities include a format string vulnerability and a buffer overflow vulnerability. The format string vulnerability occurs due to insufficient sanitization of user-supplied data through the 'msg()' function. The buffer overflow vulnerability occurs due to insufficient boundary checking in the 'msg()' function.

Denial of Service Vulnerability in Multiple ircd Implementations

A denial of service vulnerability exists in multiple ircd implementations. This exists because of an issue with the deallocation of buffers used by rate limiting mechanisms in the ircd. This could result in exhaustion of memory resources on the system running the ircd.

Asterisk Format String Vulnerabilities

Asterisk is susceptible to format string vulnerabilities in its logging functions. An attacker may use these vulnerabilities to corrupt memory, and read or write arbitrary memory. Remote code execution is likely possible. Due to the nature of these vulnerabilities, there may exist many different avenues of attack. Anything that can potentially call the logging functions with user-supplied data is vulnerable.

IBM acpRunner ActiveX Control Remote Code Execution

The IBM acpRunner ActiveX control contains dangerous methods that may result in a remote compromise of a system on which the ActiveX control is installed. These methods may be accessed by a malicious website and may result in the silent installation of a malicious executable. A remote attacker may exploit this vulnerability in order to silently install a malicious executable on an affected system.

Recent Exploits: