Explore all Exploits:

phpBugTracker Multiple Input Validation Vulnerabilities

Multiple input validation vulnerabilities in phpBugTracker allow remote attackers to execute arbitrary SQL commands via the (1) bugid parameter in bug.php, or execute arbitrary script code via the (2) op parameter in bug.php or (3) op parameter in user.php.

Multiple Input Validation Vulnerabilities in phpBugTracker

phpBugTracker is prone to multiple input validation vulnerabilities, including SQL injection, cross-site scripting, and HTML injection. These vulnerabilities are a result of the application failing to properly sanitize user-supplied input. The SQL injection vulnerabilities can allow remote attackers to manipulate query logic, potentially leading to unauthorized access to sensitive information or database corruption. The cross-site scripting and HTML injection vulnerabilities can allow attackers to execute arbitrary script code in the browser of unsuspecting users, potentially stealing authentication credentials and other sensitive information.

Remote Denial of Service Vulnerability in Microsoft Outlook and Outlook Express

A remote attacker can exploit a vulnerability in Microsoft Outlook and Outlook Express by sending a malicious email containing a NULL character in the message body. This can cause the GUI to stop responding, resulting in a denial of service condition for users.

Zaep AntiSpam Cross-Site Scripting Vulnerability

Zaep AntiSpam is prone to a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input. This issue could permit a remote attacker to create a malicious URI link that includes hostile HTML and script code. If this link were followed, the hostile code may be rendered in the web browser of the victim user. This would occur in the security context of the affected web site and may allow for theft of cookie-based authentication credentials or other attacks.

Neon Client Library Multiple Remote Format String Vulnerabilities

The Neon client library is prone to multiple remote format string vulnerabilities. This is due to a failure of the application to properly implement format string functions. An attacker can exploit these vulnerabilities to execute arbitrary code on the affected system, in the security context of the server process.

PHP-Nuke Multiple SQL Injection Vulnerabilities

The PHP-Nuke application is vulnerable to multiple SQL injection vulnerabilities. These vulnerabilities occur due to a lack of proper sanitization of user input. An attacker can exploit these vulnerabilities to modify database queries and potentially gain unauthorized access to sensitive information. Two specific examples of the exploits are provided in the report.

Inmatrix Ltd. Zoom Player Crafted JPEG File Memory Corruption and Arbitrary Code Execution Exploit

This exploit targets a vulnerability in Inmatrix Ltd. Zoom Player v8.5. By crafting a malicious JPEG file, an attacker can trigger a memory corruption issue and execute arbitrary code on the targeted system.

PHP-Nuke Remote Cross-Site Scripting Vulnerability

PHP-Nuke is vulnerable to a remote cross-site scripting (XSS) vulnerability. The vulnerability is caused by the 'cookiedecode()' function failing to properly sanitize user-supplied cookie parameters. This allows a remote attacker to create a malicious link that includes hostile HTML and script code. If a victim user follows this link, the hostile code may be rendered in their web browser, potentially leading to the theft of cookie-based authentication credentials or other attacks.
