header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

netForo 0.1g(file_to_download)Remote File Disclosure Exploit

This exploit allows an attacker to disclose files on the target system by exploiting the netForo 0.1g vulnerability. By manipulating the 'file_to_download' parameter in the 'down.php' script, an attacker can traverse the file system and access sensitive files such as the '/etc/passwd' file.

Yacs CMS Remote File Include Vulnerability

Yacs CMS is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive information or to execute arbitrary script code in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.

DOS Snort Inline

The DOS Snort Inline exploit affects versions 2.6.1.1, 2.6.1.2, and 2.7.0(beta) of Snort Inline. It requires Frag3 to be enabled, Inline to be enabled, Linux as the operating system, and ip_conntrack to be disabled. The exploit triggers a segfault by supplying an offset that causes reassembly for different snort fragmentation reassembly policies. The first packet is hardcoded with a 70-74 offset.

Cross-Site Scripting vulnerability in Pligg

Pligg is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

HTML-injection and cross-site scripting vulnerabilities in Pixie

Pixie is prone to an HTML-injection vulnerability and a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.An attacker may leverage the issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials, control how the site is rendered to the user, or launch other attacks.

Cross-Site Scripting in Gekko Web Builder

Gekko Web Builder is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

Recent Exploits: