header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

Cross-Site Scripting in Virtual Hosting Control System

The vulnerability arises when error messages are rendered and could let an attacker inject hostile HTML and script code into the browser session of another user in the context of the site hosting the application. This could allow for theft of cookie-based authentication credentials or other attacks.

WinAmp Pointer Issues

An invalid pointer dereference vulnerability has been identified in WinAmp v5.63. The application loads the contents of the %APPDATA%WinAmplinks.xml on startup and while browsing through the bookmarks in the Browser view of the GUI, but does not properly validate the length of the string loaded from the "<link name>" and "<home url>" keys before using them in a pointer call in the library gen_ff.dll, which leads to an invalid pointer dereference condition with possible code execution. An attacker needs to force the victim to place an arbitrary links.xml file into the target directory in order to exploit the vulnerability. Successful exploits can allow attackers to execute arbitrary code with the privileges of the user running the application. Failed exploits will result in a denial-of-service condition.

Machform form maker – Multiple Vulnerabilities

The Machform form maker has multiple vulnerabilities, including arbitrary file upload, MySQL injection (error based), and XSS. The arbitrary file upload vulnerability allows an attacker to upload files to the server. The MySQL injection vulnerability allows an attacker to execute malicious SQL queries. The XSS vulnerability allows an attacker to inject malicious scripts into web pages viewed by other users. These vulnerabilities can be exploited by an attacker to gain unauthorized access to the system, steal sensitive information, or perform other malicious activities.

Input-Validation Vulnerabilities in OTRS

OTRS is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. The application is prone to multiple SQL-injection vulnerabilities, an HTML-injection vulnerability, and multiple cross-site scripting vulnerabilities.

Cisco PIX Denial-of-Service Vulnerability

Cisco PIX is susceptible to a remote denial-of-service vulnerability when handling certain TCP SYN packets. This issue allows attackers to temporarily block network traffic to arbitrarily targeted TCP services. By repeating the attack, a prolonged denial-of-service condition is possible.

PHP-Post Multiple Cross-Site Scripting Vulnerabilities

PHP-Post is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. The attacker may also be able to steal cookie-based authentication credentials and launch other attacks.

PHP-Post Cross-Site Scripting Vulnerabilities

The PHP-Post application fails to properly sanitize user-supplied input, leading to multiple cross-site scripting vulnerabilities. An attacker can exploit these vulnerabilities to execute arbitrary script code in the browser of a victim user, potentially stealing authentication credentials and launching further attacks.

PHP Download Manager SQL Injection Vulnerability

The PHP Download Manager application fails to properly sanitize user-supplied input before using it in an SQL query. This allows an attacker to inject malicious SQL code through the 'cat' parameter in the 'files.php' script. Successful exploitation of this vulnerability could lead to a compromise of the application, unauthorized access to or modification of data, or the exploitation of other vulnerabilities in the underlying database implementation.

Recent Exploits: