header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

Firefox XMLSerializer Use After Free

This module exploits a vulnerability found on Firefox 17.0 (< 17.0.2), specifically an use after free of an Element object, when using the serializeToStream method with a specially crafted OutputStream defining its own write function. This module has been tested successfully with Firefox 17.0.1 ESR, 17.0.1 and 17.0 on Windows XP SP3.

PHP-Nuke Multiple Remote File-Include Vulnerabilities

The PHP-Nuke application fails to properly sanitize user-supplied input, resulting in multiple remote file-include vulnerabilities. An attacker can exploit these vulnerabilities to include arbitrary remote files containing malicious PHP code and execute it in the context of the webserver process. This can lead to the compromise of the application and the underlying system.

Exploit for BIND 8.2 DNS Server

The code establishes a TCP connection with port 53 of a target system. It makes use of the "infoleak" bug (through UDP) to obtain the base value of the named process frame stack pointer, which is later used for constructing proper DNS tsig exploit packet. Upon successful exploitation, the assembly routine gets executed. It walks the descriptor table of the exploited named process in a search for the socket descriptor of the previously established TCP connection. Found descriptor is duplicated on stdin, stdout and stderr and /bin/sh is spawned. The use of such an assembly routine allows successful exploitation of the vulnerability in the case when vulnerable DNS servers are protected by tightly configured firewall systems (with only 53 tcp/udp port open).

SAP Web Application Server Input-Validation Vulnerability

The SAP Web Application Server is prone to an input-validation vulnerability that results in HTTP response-splitting attacks. This issue is due to a failure in the application to properly sanitize user-supplied input. A remote attacker may exploit this vulnerability to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that attempt to entice client users into a false sense of trust.

HTML Injection Vulnerability in MonoChat

The MonoChat application is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. This allows an attacker to inject malicious HTML and script code, which would be executed in the context of the affected website. This could potentially lead to the theft of cookie-based authentication credentials or control over how the site is rendered to the user. Other attacks may also be possible.

Chart Mod Multiple Input-Validation Vulnerabilities

The Chart Mod application is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection vulnerabilities. These vulnerabilities occur due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these vulnerabilities to compromise the application, access or modify data, steal authentication credentials, or exploit vulnerabilities in the underlying database implementation.

Buffer Overflow Vulnerability in GNU ‘binutils’

The GNU 'binutils' is prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer. Remote attackers may crash the 'strings' utility, potentially making analysis of malicious binaries more difficult. Attackers may also execute arbitrary machine code in the context of applications that use the affected library.

Recent Exploits: