header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

Multiple Vulnerabilities in CA eTrust Security Command Center and eTrust Audit

The vulnerabilities in CA eTrust Security Command Center (eSCC) and eTrust Audit include an information-disclosure issue, an arbitrary-file-deletion issue, and a replay issue. These vulnerabilities are due to the software's failure to validate user input and design errors in handling user permissions and secure data-transmission protocols. An attacker can exploit these vulnerabilities to access sensitive information, delete arbitrary files, and carry out external replay attacks.

PHP-Post Input Validation Vulnerabilities

PHP-Post is prone to multiple input-validation vulnerabilities, including multiple cross-site scripting, SQL-injection, and remote file-include issues, because the application fails to sanitize user-supplied input. A successful exploit of these vulnerabilities could allow an attacker to compromise the application, access or modify data, steal cookie-based authentication credentials, exploit vulnerabilities in the underlying database implementation, or include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. Other attacks are also possible.

NX5Linkx SQL Injection Vulnerabilities

NX5Linkx is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. An attacker may be able to exploit these issues to modify the logic of SQL queries. Successful exploits may allow the attacker to compromise the software, retrieve information, or modify data; other consequences are possible as well.

vd_proftpd.pm – Metasploit module for ProFTPD stack overflow

This is a proof of concept exploit for src/support.c:sreplace stack overflow. The off-by-one heap overflow bug in proftpd's sreplace function has been discovered about 2 (two) years ago by Evgeny Legerov. We tried to exploit this off-by-one bug via MKD command, but failed. We did not work on this bug since then. Actually, there are exists at least two bugs in sreplace function, one is the mentioned off-by-one heap overflow.

Buffer Overflow (Long transporting mode) Vulnerability Exploit

This is just a DoS exploiting code. A vulnerability has been identified in 3CTftpSvc TFTP Server, which could be exploited by attackers to execute arbitrary commands or cause a denial of service. This flaw is due to a buffer overflow error when handling an overly long transporting mode (more than 470 bytes) passed to a "GET" or "PUT" command, which could be exploited by malicious users to compromise a vulnerable system or crash an affected application.

MS13-071 Microsoft Windows Theme File Handling Arbitrary Code Execution

This module exploits a vulnerability mainly affecting Microsoft Windows XP and Windows 2003. The vulnerability exists in the handling of the Screen Saver path, in the [boot] section. An arbitrary path can be used as screen saver, including a remote SMB resource, which allows for remote code execution when a malicious .theme file is opened, and the "Screen Saver" tab is viewed.

Recent Exploits: