
Explore Vulnerabilities


Explore all Exploits:

PHP Shell Escape Functions Command Execution Vulnerability

PHP is prone to a command execution vulnerability in its shell escape functions due to a failure to properly sanitize function arguments. This vulnerability allows an attacker to execute arbitrary shell commands on a computer running the vulnerable software within the security context of the web server, potentially leading to unauthorized access.

FoolProof Password Recovery Vulnerability

An unprivileged user can recover the administrative password for the FoolProof application by manipulating the password recovery algorithm. This allows the attacker to gain unauthorized administrative access to the application.

Flaw handling server responses in Colin McRae Rally 2004

Colin McRae Rally 2004 has a flaw in handling server responses when entering the multiplayer menu. An attacker can mimic a server and send an invalid response to crash the client game, denying service to legitimate users.

CSLH HTML Injection Vulnerabilities

CSLH is prone to multiple HTML injection vulnerabilities. These issues exist due to insufficient sanitization of user-supplied data. The problem presents itself in various modules of the application and can allow remote attackers to inject HTML code into the name field and in chat sessions for live help.

SquirrelMail ‘from’ Field Email Header HTML Injection Vulnerability

The vulnerability allows an attacker to inject malicious HTML code into the 'from' field email header, potentially leading to unauthorized access to the user's cookie-based authentication credentials and disclosure of personal email. Other attacks are also possible.

PHP-Nuke Direct Script Access Security Vulnerability

PHP-Nuke is affected by a direct script access security vulnerability. This issue is due to a failure to properly validate the location and name of the file being accessed. This issue will allow an attacker to gain access to sensitive scripts such as the 'admin.php' script. The attacker may be able to exploit this unauthorized access to carry out attacks against the affected application.

TinyWeb Server Unauthorized Script Disclosure Vulnerability

TinyWeb Server is affected by an unauthorized script disclosure vulnerability. This issue is due to an input validation error that allows malicious users to bypass standard web server rules. This issue will allow an attacker to download or view scripts residing in the 'cgi-bin' directory.

Recent Exploits: