header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

Remote Buffer-Overflow Vulnerability in Nagios Plugins

The Nagios Plugins software is vulnerable to a remote buffer-overflow vulnerability. Attackers can exploit this vulnerability to execute arbitrary machine code in the context of the affected users. The vulnerability exists due to the software's failure to properly bounds-check user-supplied data before copying it to a buffer that is not large enough.

Command-execution vulnerability in Microsoft Windows XP and Server 2003 with Internet Explorer 7

The vulnerability allows remote attackers to execute arbitrary commands in the context of users that follow malicious URIs. Attack vectors include following URIs in Mozilla Firefox, Skype, Adobe Acrobat Reader, Miranda, Netscape, and mIRC. The issue in BID 25543 (Mozilla Firefox 2.0.0.6 Unspecified Protocol Handling Command Injection Vulnerability) can also be exploited as an attack vector for this issue.

Dawn of Time MUD Server Multiple Format-String Vulnerabilities

The Dawn of Time MUD server is prone to multiple format-string vulnerabilities. Exploiting these issues will allow attackers to execute arbitrary code with the permissions of a user running the application. Failed attacks will likely cause denial-of-service conditions.

Multiple Cross-Site Scripting Vulnerabilities in Stuffed Tracker

Stuffed Tracker is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Exploit for Mac OS X 10.4.8 (8L2127) – Happy New Year Command Injection

This exploit takes advantage of a command injection vulnerability in Mac OS X 10.4.8 (8L2127) to execute arbitrary commands. By modifying the CMD_STRING variable, an attacker can execute any command they desire. The exploit uses a static address for the command string, but this may need to be adjusted depending on the execution method and string length. The payload includes the addresses for system(), setuid(), and the command string. Sleds are also included to allocate large heap chunks for better reliability. This exploit was released on January 1, 2007, and was developed by LMH and Kevin Finisterre.

Cross-Site Request Forgery in FeedBurner FeedSmith

The FeedBurner FeedSmith plugin is prone to a cross-site request-forgery vulnerability. Exploiting this issue may allow a remote attacker to use a victim's currently active session to perform actions with the application. The vulnerability can be exploited by sending a malicious request to the affected application.

Recent Exploits: