header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

Fastgraf’s whois.cgi Exploit

This script exploits a vulnerability in Fastgraf's whois.cgi script, allowing an attacker to execute arbitrary commands on the target server. By sending a specially crafted POST request, the attacker can inject a command in the 'host' parameter and execute it on the server. The script then captures the output of the command and displays it. This vulnerability was discovered by Marco van Berkum and the script can be found on his homepage at http://ws.obit.nl.

Cross-Site Scripting in Invision Power Board ‘ssi.php’ script

The 'ssi.php' script in Invision Power Board is prone to a cross-site scripting vulnerability. This vulnerability occurs due to a lack of sufficient sanitization in the 'ssi.php' script when processing the user-influenced 'f' parameter. An attacker can exploit this vulnerability to steal cookie-based authentication credentials and potentially perform other malicious activities.

Cross-site scripting vulnerability in Linksys Web Camera software

The Linksys Web Camera software is prone to a cross-site scripting vulnerability that may allow a remote attacker to steal cookie-based authentication credentials or carry out other attacks. The vulnerability occurs when an attacker passes malicious HTML or script code to the application via the 'next_file' parameter of the 'main.cgi' script.

WinAgents TFTP Server Remote Off-by-One Buffer Overrun Vulnerability

The WinAgents TFTP Server is prone to a remote off-by-one buffer overrun vulnerability. The issue occurs due to a lack of sufficient boundary checks performed on filenames when a request is made for a file. A remote attacker can exploit this vulnerability by sending a malicious request with a filename of excessive length, triggering the vulnerability and resulting in a denial of service.

PHP-Nuke Multiple Vulnerabilities

PHP-Nuke is prone to multiple vulnerabilities including cross-site scripting (XSS) in the 'Faq', 'Encyclopedia', and 'Reviews' modules, SQL injection in the 'Reviews' module, and a remote denial of service (DoS) vulnerability in the score subsystem of the 'Review' module. These vulnerabilities occur due to insufficient sanitization of user-supplied data, allowing remote attackers to execute malicious code, modify database queries, and deny service to legitimate users.

Multiple vulnerabilities in PHP-Nuke

PHP-Nuke is prone to multiple vulnerabilities including cross-site scripting issues in the 'Faq', 'Encyclopedia', and 'Reviews' modules, an SQL Injection vulnerability in the 'Reviews' module, and a remote denial of service vulnerability in the score subsystem of the 'Review' module. These vulnerabilities are caused by insufficient sanitization of user-supplied data, allowing attackers to execute malicious code, modify database queries, and deny service to legitimate users.

URI Obfuscation Vulnerability in Microsoft Internet Explorer and Opera

An attacker can obfuscate the URI of a link in Microsoft Internet Explorer and Opera, which can lead to the impersonation of legitimate websites and the theft of sensitive information from users. This vulnerability allows an attacker to redirect users to an attacker-controlled site.

Blackboard Digital Dropbox File Download Vulnerability

Blackboard allows users to download files posted in the 'Digital Dropbox' without proper authorization. The application does not verify the requester's authorization, allowing anyone with the URI to download the file. An attacker can exploit this vulnerability to access potentially sensitive information.

Recent Exploits: