Explore all Exploits:

OmniHTTPD GET Request Buffer Overflow

OmniHTTPD is affected by a GET request buffer overflow vulnerability. This issue occurs due to a failure of the application to properly validate string sizes when processing user input. An attacker could exploit this vulnerability to execute arbitrary code with the privileges of the affected web server.

Buffer Overflow Vulnerability in ActiveState Perl and Perl for cygwin

A buffer overflow vulnerability exists in ActiveState Perl and Perl for cygwin due to a lack of sufficient bounds checking on data passed to the Perl system() function call. This vulnerability allows an attacker to manipulate the execution flow of a vulnerable Perl script and execute arbitrary code. The arbitrary code execution occurs within the context of the user running the malicious Perl script.

PHP-Nuke File Include Vulnerability

The PHP-Nuke application is prone to a potential file include vulnerability. This vulnerability allows a remote attacker to include malicious files that contain arbitrary code, which can be executed on a vulnerable system. The vulnerability is exploited by manipulating the 'modpath' parameter in the application's URL.

osCommerce Directory Traversal Vulnerability

osCommerce has a directory-traversal vulnerability that may allow a remote attacker to obtain sensitive information. The software does not properly sanitize user-supplied input and accepts '../' directory-traversal character sequences when serving files. This allows the attacker to access files outside of the application document root, potentially allowing the attacker to view files that contain sensitive information or aid them in further attacks on the computer.

Microsoft Windows XP Folder Automatic Execution Vulnerability

A vulnerability in Windows Explorer allows for the automatic execution of executable content when a folder is accessed. This can be exploited by malicious actors to run code in the context of the logged-in user. Opening a folder is typically considered safe, making this vulnerability particularly dangerous. The issue can also be exploited remotely if the malicious folder is accessed from an SMB share. A proof-of-concept exploit has been provided that demonstrates the execution of NetMeeting and installation of a keylogger on a vulnerable system.

VBulletin Software Spoofing Vulnerability

A weakness has been reported to exist in the VBulletin software that may allow an attacker to spoof parts of the VBulletin interface. The issue exists due to improper validation of user-supplied data. Remote attackers may exploit this issue by convincing a VBulletin administrator to follow a specially crafted URI. The crafted URI would contain, as the value of the affected parameter of the 'index.php' script, a URI pointing to an HTML page owned by the remote attacker. If the administrator were to follow this link, part of the VBulletin user interface may be spoofed by the attacker.

Race-condition vulnerability in wget utility

The 'wget' utility has a race-condition vulnerability where it does not lock files that it creates and writes to during file downloads. This vulnerability can be exploited by a local attacker to corrupt files with the privileges of the victim who is running the vulnerable version of wget.

TurboTrafficTrader C Input Sanitization Vulnerability

TurboTrafficTrader C does not properly sanitize user input, allowing remote attackers to launch cross-site scripting and HTML injection attacks. The cross-site scripting issues allow attackers to create malicious links that execute hostile code in the victim's web browser. The HTML injection issues allow attackers to post malicious code that is later rendered in the web browser of other visitors to the affected site. These attacks can lead to theft of authentication credentials and other possible attacks.

Mac OS X help: Protocol Remote Code Execution Vulnerability

The vulnerability exists due to the 'help:' protocol implemented by the Mac OS X help application. The 'help:' protocol can be invoked remotely by the Safari web browser, allowing an attacker to craft a malicious link and entice a user to follow the link in order to execute script code via the help application. This can be exploited to execute arbitrary code with minimal user interaction.

LHA Multiple Vulnerabilities

The vulnerabilities in LHA allow a malicious archive to execute arbitrary code or corrupt arbitrary files when the archive is operated on. These issues are triggered in the 'extract_one()' function due to a failure of the application to properly validate string lengths in offending files. The exploit code provided creates an archive that, when decompressed with LHA-1.14, will cause a buffer overflow. The exploit utilizes the return-into-libc technique to execute system commands and exit. Specific addresses for the system function, exit function, and /tmp/lhXXXXXX string inside the exploit binary need to be obtained and placed in the code in little endian order.

Recent Exploits: