header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

Multiple vulnerabilities in PostNuke Phoenix

Multiple path disclosure vulnerabilities that occur when a user directly requests scripts in the '/includes/blocks/' and 'pnadodb' directories. This issue also affects scripts that are associated in multiple modules.Multiple cross-site scripting vulnerabilities were reported in the Downloads and Web_Links modules as well as the openwindow.php script. These issues may permit remote attackers to cause hostile HTML and script code to be interpreted by a victim user's browser.

Multiple vulnerabilities in phProfession

Multiple vulnerabilities were reported to exist in phProfession, which is a third-party module for PostNuke. Path disclosure, cross-site scripting, and SQL injection vulnerabilities were reported. Exploitation of these issues may reveal sensitive information, allow for account hijacking, content manipulation, and attacks against the underlying database.

Multiple vulnerabilities in phProfession module for PostNuke

Multiple vulnerabilities were reported in phProfession module for PostNuke. These vulnerabilities include path disclosure, cross-site scripting, and SQL injection. Exploitation of these vulnerabilities can lead to sensitive information disclosure, account hijacking, content manipulation, and attacks against the underlying database.

TCP Session Reset Vulnerability

A vulnerability in TCP implementations may permit unauthorized remote users to reset TCP sessions. Exploiting this issue may permit remote attackers to more easily approximate TCP sequence numbers. The problem is that affected implementations will accept TCP sequence numbers within a certain range of the expected sequence number for a packet in the session. This will permit a remote attacker to inject a SYN or RST packet into the session, causing it to be reset and effectively allowing denial-of-service attacks. An attacker would exploit this issue by sending a packet to a receiving implementation with an approximated sequence number and a forged source IP and TCP port. Few factors may present viable target implementations, such as implementations that depend on long-lived TCP connections, have known or easily guessed IP address endpoints, or have known or easily guessed TCP source ports.

Remote Buffer Overflow in Serv-U

The Serv-U application is affected by a remote buffer overflow vulnerability in the list parameter. This vulnerability arises due to a lack of proper validation of buffer boundaries during the processing of user input. Successful exploitation of this vulnerability can lead to a denial of service condition and potentially allow an attacker to execute arbitrary code on the affected system with the privileges of the user running the vulnerable application.

utempter local vulnerabilities

The first issue is an input validation error that allows for symbolic link attacks, potentially leading to corruption of system files. The second issue is a failure to properly validate buffer boundaries, which may result in crashes and potentially allow for arbitrary code execution.

Phorum Remote SQL Injection Vulnerability

Phorum is affected by a remote SQL injection vulnerability. This issue is due to a failure of the application to properly sanitized user supplied URI input. This issue may allow a remote attacker to manipulate query logic, leading to unauthorized access to sensitive information such as the user password hash or corruption of database data. SQL injection attacks may also potentially be used to exploit latent vulnerabilities in the underlying database implementation.

Recent Exploits: