header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

Microsoft PowerPoint Remote Vulnerabilities

Three proof-of-concept exploit files have been released for Microsoft PowerPoint. It is unknown if these exploits target newly discovered vulnerabilities or previously disclosed issues. These vulnerabilities may allow remote attackers to cause crashes or execute arbitrary machine code in the context of the affected application.

AdPlug Library Multiple Remote Buffer Overflow Vulnerabilities

The AdPlug library is affected by multiple remote buffer-overflow vulnerabilities. These issues are due to the library's failure to properly bounds-check user-supplied input before copying it into insufficiently sized memory buffers. These issues allow remote attackers to execute arbitrary machine code in the context of the user running applications that use the affected library to open attacker-supplied malicious files.

Ciaran McNally

At the following URL as a student, http://server/blog/external_blog_edit.php, it is possible to remotely add an rss blog. The <link> parameter in an rss feed is vulnerable to javascript injection. This blog post is viewable by everyone on moodle and you can link to it directly. Upon clicking the "Link to original blog entry" link, you get javascript execution. In moodle the "sesskey" parameter holds the session key used to prevent csrf, this isn't unique for every form once logged in so many forms can be submitted using this item. It is available on every page which makes xss quite dangerous in this case. Using a link value of <link>javascript:prompt(document.domain);</link>, this will display a demonstrative prompt as expected. For a live example you can remotely include my blog rss feed. http://makthepla.net/Rss/ My moodle blog post has a <link> value of the foll

Plume CMS Multiple Remote File Include Vulnerabilities

Plume CMS is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. A successful exploit of these issues allows the attacker to execute arbitrary server-side script code on an affected computer with the privileges of the webserver process. This may facilitate unauthorized access.

MKPortal directory traversal vulnerability

MKPortal is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable system in the context of the affected application. Information obtained may aid in further attacks.

Softbiz Dating Script SQL Injection Vulnerabilities

Softbiz Dating Script is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.

Recent Exploits: