Explore Vulnerabilities

Explore all Exploits:

Buffer overflow vulnerability in GetGo Download Manager proxy options 5.3.0.2712

A buffer overflow vulnerability exists in GetGo Download Manager proxy options 5.3.0.2712, where a maliciously crafted response from a proxy can trigger an overflow. The victim must have a proxy selected in order to be vulnerable. The attacker can set the proxy IP of the host running the script and set the port of the proxy on GetGo under proxy settings. When the victim downloads any page or file, the program incorrectly parses the response and passes the request to the malicious host, triggering the overflow.

GPS-SERVER.NET SAAS CMS <=3.0 Multiple Vulnerabilities

The writeLog function in fn_common.php in gps-server.net GPS Tracking Software (self hosted) through 3.0 allows remote attackers to inject arbitrary PHP code via a crafted request that is mishandled during admin log viewing. Login, signup and other common events are logged into a PHP file in the /logs/ directory using the given input. The vulnerable parameter is "page", which is used to include files from the /pages/ directory. The parameter is not sanitized and can be used to include remote files.

Xplico Remote Code Execution

This module exploits a command injection vulnerability. Unauthenticated users can register a new account and then execute a terminal command in the context of the root user. The specific flaw exists within Xplico, which listens on TCP port 9876 by default. The purpose of Xplico is to extract the application data contained in an internet traffic capture. There is a hidden endpoint inside Xplico that allows anyone to create a new user. Once the user is created through the /users/register endpoint, it must be activated via an activation e-mail. After registration, Xplico tries to send an e-mail containing the activation code. Unfortunately, on most installations this e-mail will probably never reach the given address. However, it is possible to calculate exactly the same token value because an insecure random string generator is used for it. One of Xplico's features is parsing PCAP files. Once a PCAP file is uploaded, Xplico executes an operating system command to calculate the checksum of the file. The file name used in this operation is taken directly from user input and then placed inside the command without proper input validation.

Linksys WVBR0-25 User-Agent Command Execution

The Linksys WVBR0-25 Wireless Video Bridge, used by DirecTV to connect wireless Genie cable boxes to the Genie DVR, is vulnerable to OS command injection in version < 1.0.41 of the web management portal via the User-Agent header. Authentication is not required to exploit this vulnerability.

Spectre Attack

Spectre is a vulnerability that affects modern microprocessors that perform branch prediction. It allows an attacker to potentially read all memory, including memory allocated to the kernel and other programs. The attack works on Intel, AMD, and ARM processors. It was discovered by Google Project Zero and was publicly disclosed on January 3, 2018.

EMC xDashboard – SQL Injection Vulnerability

This vulnerability allows an attacker to retrieve information from the database.

Vulnerable parameter: '$model.jobHistoryId'

Exploit:

True condition: https://[victim]:4000/xDashboard/html/jobhistory/jobDocHistoryList.action?model.jobHistoryId=1736687378927012979202234841133 and 1=1

False condition: https://[victim]:4000/xDashboard/html/jobhistory/jobDocHistoryList.action?model.jobHistoryId=1736687378927012979202234841133 and 1=2

IOHIDeous

IOHIDeous is a macOS kernel exploit based on an IOHIDFamily 0day. It consists of three parts: poc, leak and hid. Poc panics the kernel to demonstrate the presence of a memory corruption, leak leaks the kernel slide, and hid achieves full kernel r/w. Using the exploit requires root and SIP to be disabled, and it can be built with the make command.

Cambium ePMP1000 ‘get_chart’ Shell via Command Injection (v3.1-3.5-RC7)

This module exploits an OS command injection vulnerability in the Cambium ePMP1000 device management portal. It requires any one of the following login credentials - admin/admin, installer/installer, home/home - to set up a reverse netcat shell. The module has been tested on versions 3.1-3.5-RC7.
