header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

Cross-Site Scripting Vulnerability in Horde Framework

The Horde Framework application fails to properly sanitize user-supplied input, leading to a cross-site scripting vulnerability. An attacker can inject HTML and script code, which will execute in the context of the affected site. This can potentially allow the attacker to steal cookie-based authentication credentials.

Viper Web Portal Remote File Include Vulnerability

Viper Web Portal is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

Horde IMP Webmail Client Input-Validation Vulnerabilities

The Horde IMP Webmail Client is prone to multiple input-validation vulnerabilities, including cross-site scripting and an HTML-injection issue. These vulnerabilities occur due to the application's failure to properly sanitize user-supplied input. An attacker can exploit these vulnerabilities to execute arbitrary HTML and script code in the context of the affected site. This can lead to the theft of cookie-based authentication credentials and control over how the site is rendered to users. Other attacks may also be possible.

Buffer Overflow Vulnerability in minigzip

The 'minigzip' tool is prone to a buffer-overflow vulnerability because it fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer. A local attacker can exploit this issue to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will result in a denial of service.

Apache HTTP Server Tomcat Directory Traversal Vulnerability

The Apache HTTP servers running with the Tomcat servlet container are prone to a directory-traversal vulnerability. This vulnerability occurs due to the insufficient sanitization of user-supplied input data. Exploiting this issue allows attackers to access arbitrary files in the Tomcat webroot, potentially exposing sensitive information that could aid in launching further attacks.

Local File Include Vulnerability in Weekly Drawing Contest

The Weekly Drawing Contest is vulnerable to a local file-include vulnerability due to improper sanitization of user-supplied input. Exploiting this vulnerability allows an unauthorized user to view local files on the affected webserver. An attacker can exploit this issue by supplying a specially crafted payload in the 'order' parameter of the 'check_vote.php' script.

Recent Exploits: