header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

XennoBB SQL Injection Vulnerabilities

XennoBB is prone to multiple SQL injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in an SQL query. A successful attack could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.

D-Link Devices UPnP SOAP Telnetd Command Execution

Various D-Link Routers are vulnerable to OS command injection in the UPnP SOAP interface. This module has been tested successfully on DIR-300, DIR-600, DIR-645, DIR-845 and DIR-865. According to the vulnerability discoverer, more D-Link devices may be affected.

Bomberclone Remote Information Disclosure and Denial-of-Service Vulnerabilities

Bomberclone is prone to remote information-disclosure and denial-of-service vulnerabilities because it fails to properly sanitize user-supplied input.These issues allow remote attackers to access sensitive information and to crash the application, denying further service to legitimate users.

Denial-of-Service Vulnerability in Microsoft Windows GDI+ Library

The Microsoft Windows GDI+ library 'gdiplus.dll' is prone to a denial-of-service vulnerability because the software fails to handle malformed image files properly. An attacker may leverage this issue to trigger a denial-of-service condition in software implementing the vulnerable library. Other attacks may also be possible.

Router ONO Hitron CDE-30364 – CSRF Vulnerability

The Hitron Technologies CDE-30364 router is prone to CSRF vulnerabilities which allow attackers to change router parameters and perform modifications. The exploit allows enabling/disabling web site blocking and adding new keywords/URLs for blocking. It also allows enabling/disabling the Intrusion Detection System.

Input-validation vulnerabilities in PHP Pro Bid

PHP Pro Bid is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection issues, because the application fails to properly sanitize user-supplied input. A successful exploit of these vulnerabilities could allow an attacker to compromise the application, access or modify data, steal cookie-based authentication credentials, or even exploit vulnerabilities in the underlying database implementation. Other attacks are also possible.

Zimplit CMS multiple vulnerabilities

1. XSS (Reflected): CMS suffers from cross site scripting due to lack of user's input sanitization.Exploit: http://192.168.0.106/zimplit/zimplit.php?action=load&file=[XSS]http://192.168.0.106/zimplit/zimplit.php?action=load&file=%27%22%28%29%26%251%3CScRiPt%20%3Ealert%28944002%29%3C%2fScRiPt%3E2. CSRF / Directory traversal: The following URL provides files' lists to attacker. Although it requires authorized user such as admin, with an appropriate javascript exploit an attacker is capable of having administrator's view of vulnerable link.Exploit: http://192.168.0.106/zimplit/zimplit.php?action=listAllFiles&file=[Directory]

D-Link DSL-2740B (ADSL Router) CSRF Vulnerability

The D-Link DSL-2640B's web interface is prone to CSRF vulnerabilities which allows to change router parameters and perform modifications to the router's parameters. The specific changes described in the advisory are disabling/enabling Wireless MAC Address Filter, disabling/enabling all the Firewall protections, and enabling/disabling Remote Management.

Microsoft PowerPoint Multiple Remote Vulnerabilities

Three proof-of-concept exploit files have been released that trigger vulnerabilities in Microsoft PowerPoint. It is currently unknown if these exploits target newly discovered vulnerabilities or exploit previously disclosed issues. These vulnerabilities may allow remote attackers to cause crashes or execute arbitrary machine code in the context of the affected application. Microsoft PowerPoint 2003 is confirmed to be vulnerable.

Recent Exploits: