header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

Petrol Pump Management Software v.1.0 – SQL Injection

A SQL Injection vulnerability was discovered in Petrol Pump Management Software v.1.0. This vulnerability allows an attacker to execute arbitrary code by injecting a malicious payload into the email address parameter in the index.php component.

A-PDF All to MP3 Converter 2.0.0 – DEP Bypass with HeapCreate + HeapAlloc + some_memory_copy_function ROP chain

The exploit demonstrates a DEP bypass using HeapCreate, HeapAlloc, and a memory copy function ROP chain in A-PDF All to MP3 Converter version 2.0.0. By crafting specific parameters for HeapCreate() and executing a series of steps involving HeapAlloc and memory copy functions, an attacker can bypass DEP protections to execute malicious code.

Easywall 0.3.1 – Authenticated Remote Command Execution

The Easywall 0.3.1 software allows an authenticated user to execute arbitrary commands on the target system due to a command injection vulnerability in the 'port' parameter. By sending a specially crafted payload, an attacker can gain unauthorized access to the system.

coppermine-gallery 1.6.25 RCE

The coppermine-gallery version 1.6.25 is vulnerable to Remote Code Execution (RCE) attack. By uploading a specially crafted zip file containing a PHP file with malicious code, an attacker can execute arbitrary commands on the server. This can lead to unauthorized access, data leakage, and potential compromise of the entire system.

Limo Booking Software v1.0 – CORS

The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request that allows access from any domain. The application allowed access from the requested origin http://wioydcbiourl.com. Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks. The attacker can get some of the software resources of the victim without the victim knowing this.

Atcom 2.7.x.x – Authenticated Command Injection

The Atcom 2.7.x.x version is vulnerable to an authenticated command injection vulnerability. By sending a specially crafted request to the web_cgi_main.cgi script, an attacker can inject arbitrary commands into the system. This can lead to remote code execution and unauthorized access to the target system.

Recent Exploits: