header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

V3 Chat Instant Messenger Cross-Site Scripting and SQL-Injection Vulnerabilities

The V3 Chat Instant Messenger is vulnerable to multiple cross-site scripting and SQL-injection vulnerabilities. These vulnerabilities occur due to a lack of proper input sanitization. An attacker can exploit these vulnerabilities to execute arbitrary script code in the browser of a victim user, potentially leading to the theft of authentication credentials and other attacks. Additionally, successful exploitation can result in the compromise of the application, unauthorized access or modification of data, and exploitation of underlying database vulnerabilities.

Multiple Cross-Site Scripting and SQL-Injection vulnerabilities in V3 Chat Instant Messenger

The V3 Chat Instant Messenger is prone to multiple cross-site scripting and SQL-injection vulnerabilities due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these vulnerabilities to execute arbitrary script code in the browser of an unsuspecting user, steal authentication credentials, and launch other attacks. Additionally, an attacker can compromise the application, access or modify data, and exploit vulnerabilities in the underlying database implementation.

V3 Chat Instant Messenger Cross-Site Scripting and SQL Injection Vulnerabilities

The V3 Chat Instant Messenger application is vulnerable to multiple cross-site scripting (XSS) and SQL injection vulnerabilities. These vulnerabilities occur due to insufficient input sanitization, allowing an attacker to inject malicious script code or SQL queries.

Singapore Gallery Directory Traversal and Cross-Site Scripting Vulnerabilities

The Singapore Gallery application fails to properly sanitize user-supplied input, leading to directory traversal and cross-site scripting vulnerabilities. An attacker can exploit the directory traversal vulnerabilities to retrieve arbitrary files from the vulnerable system. The cross-site scripting vulnerability allows an attacker to execute arbitrary script code in the browser of an unsuspecting user, potentially leading to the theft of authentication credentials and other attacks.

Bind 8.2 DNS tsig Exploit

The code establishes a TCP connection with port 53 of a target system. It makes use of the 'infoleek' bug (through UDP) to obtain the base value of the named process frame stack pointer, which is later used for constructing proper DNS tsig exploit packet. Upon successful exploitation, the assembly routine gets executed. It walks the descriptor table of the exploited named process in a search for the socket descriptor of the previously established TCP connection. Found descriptor is duplicated on stdin, stdout and stderr and /bin/sh is spawned. The use of such an assembly routine allows successful exploitation of the vulnerability in the case when vulnerable DNS servers are protected by tightly configured firewall systems (with only 53 tcp/udp port open).

Kerio Personal Firewall v2.1.4 remote code execution exploit

This exploit allows an attacker to execute remote code on a target system running Kerio Personal Firewall v2.1.4. The exploit takes advantage of a vulnerability in the firewall software and allows the attacker to execute arbitrary code on the target system. The exploit has been tested on Windows XP with SP1.

Kmita FAQ Multiple Input-Validation Vulnerabilities

Kmita FAQ is prone to multiple input-validation vulnerabilities. The issues include cross-site scripting and SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. A successful exploit of these vulnerabilities could allow an attacker to compromise the application, access or modify data, steal cookie-based authentication credentials, or even exploit vulnerabilities in the underlying database implementation. Other attacks are also possible.

Oracle Java ByteComponentRaster.verify() Memory Corruption

The ByteComponentRaster.verify() method in Oracle Java versions prior to 7u25 is vulnerable to a memory corruption vulnerability that allows bypassing of "dataOffsets[]" boundary checks. This vulnerability allows for remote code execution. User interaction is required for this exploit in that the target must visit a malicious page or open a malicious file.

Recent Exploits: