header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

Remote Heap Buffer Overflow in MailEnable

The 'Professional' and 'Enterprise' editions of MailEnable are prone to a remote heap buffer overflow. The overflow allows the attacker to control the EAX and ECX registers, allowing arbitrary code execution as SYSTEM. If logging is enabled, the request could contain: GET /{4032 x A} HTTP/1.1 or, without logging: GET /{8501 x A} HTTP/1.1.

Multiple Input Validation Vulnerabilities in NukeJokes Module

The NukeJokes module is affected by multiple input validation vulnerabilities. These include multiple SQL injection issues and multiple cross-site scripting vulnerabilities. The vulnerabilities arise due to a failure to properly sanitize user-supplied input, allowing remote attackers to manipulate query logic and potentially gain unauthorized access to sensitive information or execute malicious scripts in the context of the victim user's browser.

Remote Buffer Overflow in DeleGate SSLway Filter

A remote buffer overflow vulnerability has been reported to affect the DeleGate SSLway filter. This filter is employed when DeleGate is applying SSL to arbitrary protocols. The issue presents itself due to a lack of sufficient boundary checks performed, when copying user-supplied certificate field contents. A remote attacker may potentially exploit this issue, to overwrite the return address of the static ssl_prcert() function. The attacker may corrupt any other saved value that is within 768 bytes from the end of the affected buffers. It has been reported that the X509_NAME_oneline() function will perform character conversion on characters below '0x20' or above '0x7e'; this may hinder exploitation of this issue.

SurgeLDAP Web Administration Authentication Bypass Vulnerability

The SurgeLDAP web administration application is prone to an authentication bypass vulnerability, possibly allowing remote attackers manager access. Once administration access is granted, it may be possible for an attacker to modify records in the LDAP database, destroy data, crash the server, or possibly further attacks on other services utilizing SurgeLDAP for its authentication data.

Exim Stack-Based Buffer Overrun Vulnerability

Exim has a remotely exploitable stack-based buffer overrun vulnerability. This vulnerability can be triggered by a malicious email if sender verification is enabled in the agent. It allows for the execution of arbitrary code in the content of the mail transfer agent. The vulnerable functionality is not enabled by default, but may be enabled in some Linux/Unix distributions that ship the software.

PHPX Multiple Administrator Command Execution Vulnerabilities

PHPX is affected by multiple administrator command execution vulnerabilities. These issues allow a remote attacker to create a malicious URI link or embed a malicious URI between bbCode image tags, leading to the execution of attacker-supplied commands with administrator privileges.

Recent Exploits: