header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

Nuked-Klan multiple vulnerabilities

The Nuked-Klan application is prone to multiple vulnerabilities that include information disclosure via inclusion of local files, an issue that may permit remote attackers to corrupt configuration files, and an SQL injection vulnerability. The vulnerability allows attackers to include local files by manipulating the 'user_langue' parameter in the 'index.php' file. An attacker can also create an admin account by overwriting the 'GLOBALS' variable. The provided exploit code demonstrates how an attacker can create an admin account. This vulnerability can lead to unauthorized access and control of the application. The exploit code is written in PHP.

SurgeLDAP Directory Traversal Vulnerability

SurgeLDAP is prone to a directory traversal vulnerability in one of the scripts included with the built-in web administrative server, potentially resulting in disclosure of files. A remote attacker could exploit this issue to gain access to system files outside of the web root directory of the built-in web server. Files that are readable by the web server could be disclosed via this issue.

Blackboard Learning System multiple cross-site scripting vulnerabilities

The Blackboard Learning System is prone to multiple cross-site scripting vulnerabilities. These vulnerabilities occur due to a failure of the application to properly validate user-supplied URI input. The first issue affects the 'addressbook.pl' script, the second issue affects the 'tasks.pl' script, and the third issue affects three URI parameters of the 'calendar.pl' script. Remote attackers can exploit these vulnerabilities by creating a malicious link that includes hostile HTML and script code. If a victim user follows the link, the hostile code may be rendered in their web browser, potentially allowing for theft of authentication credentials or other attacks.

Multiple vulnerabilities in various modules of the application

The application is affected by multiple vulnerabilities in various modules. These vulnerabilities can be exploited by a remote attacker to carry out attacks such as path disclosure, cross-site scripting, HTML injection, SQL injection, directory traversal, and arbitrary file upload. The vulnerabilities are present in the following URLs: - messu-read.php?offset=[INT]&flag=&priority=&flagval=&sort_mode=date_desc&find=[XSS] - messu-read.php?offset=[INT]&flag=&priority=&flagval=&sort_mode=[XSS] - messu-read.php?offset=[INT]&flag=&priority=&flagval=[XSS] - messu-read.php?offset=[INT]&flag=&priority=[XSS] - messu-read.php?offset=[INT]&flag=[XSS] - messu-read.php?offset=[XSS]

Multiple vulnerabilities in various modules

These vulnerabilities allow a remote attacker to carry out various attacks such as path disclosure, cross-site scripting, HTML injection, SQL injection, directory traversal, and arbitrary file upload.

Ettercap Stack overflow (CWE-121)

The Ettercap software version 0.7.5.1 and earlier is vulnerable to a stack overflow vulnerability, as identified by CWE-121. This vulnerability allows an attacker to execute arbitrary code or cause a denial of service (DoS) by sending a specially crafted input to the affected software. The vulnerability exists in the `ec_scan.c` file, specifically in the `fscanf` function call at line 633-635. By sending a maliciously crafted input, an attacker can trigger a stack overflow and potentially gain control over the affected system. This vulnerability has been assigned CVE-2012-0722.

Directory Traversal and Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities have been identified in the application that may allow a remote attacker to carry out directory traversal and cross-site scripting attacks. The specific vulnerability exists in the 1st Class Mail Server version 4.01. However, other versions may also be affected. An attacker can exploit these vulnerabilities by sending a specially crafted request to the affected server, allowing them to traverse directories and execute arbitrary scripts in the context of a victim's browser.

Recent Exploits: