header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

phpSysInfo Multiple Input Validation Vulnerabilities

phpSysInfo is prone to multiple input validation vulnerabilities, including cross-site scripting (XSS), HTTP response splitting, and arbitrary local file inclusion. These vulnerabilities are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these vulnerabilities to steal cookie-based authentication credentials, aid in phishing attacks, retrieve privileged or sensitive information, and perform other attacks.

Sudo Security Bypass Vulnerability

Sudo is prone to a security-bypass vulnerability that could lead to arbitrary code execution. This issue is due to an error in the application when handling the 'PERLLIB', 'PERL5LIB', and 'PERL5OPT' environment variables when tainting is ignored. An attacker can exploit this vulnerability to bypass security restrictions and include arbitrary library files.

RealPlayer and RealOne Player Remote Stack-Based Buffer Overflow

The RealPlayer and RealOne Player applications are prone to a remote stack-based buffer-overflow vulnerability. This vulnerability occurs when parsing RM (Real Media) files, and can be exploited by a remote attacker to execute arbitrary code and gain unauthorized access. The exploit uses a seh overwrite method, which takes advantage of the SEH being placed in multiple locations over different OS's, making it universal. The exploit includes a bindshell on port 13579.

Bifrost 1.2.1 Exploit

The Bifrost 1.2.1 exploit is a buffer overflow vulnerability that allows an attacker to execute arbitrary code on a remote system. The vulnerability exists in the 'header' function, which is called when generating the header for a Bifrost connection. By sending a specially crafted request, an attacker can overwrite the return address of the function and gain control of the execution flow. This exploit uses a combination of techniques, including RC4 encryption and shellcode injection, to bypass security measures and achieve remote code execution.

Directory Traversal Vulnerability in File Transfer

File Transfer is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data. Exploiting this issue allows an attacker to access arbitrary files outside of the application's root directory. This can expose sensitive information that could help the attacker launch further attacks.

phpBP <= RC3 (2.204) (sql/cmd) Remote Code Execution Exploit

This exploit allows an attacker to execute remote code on a phpBP RC3 (2.204) server. The vulnerability is caused by a SQL injection and command injection vulnerability in the phpBP script. To successfully exploit this vulnerability, the attacker needs to have an admin session.

Recent Exploits: