Explore Vulnerabilities

Explore all Exploits:

Remote Buffer Overflow Vulnerability in Enemy Territory: Quake Wars

The Enemy Territory: Quake Wars application is prone to a remote buffer overflow vulnerability due to inadequate boundary checks on user-supplied input. Attackers can exploit this vulnerability to execute arbitrary code within the application's context. Failed attacks may result in denial-of-service conditions.

PHP <= 4.4.6 mssql_connect() & mssql_pconnect() local buffer overflow

This exploit targets the mssql_connect() and mssql_pconnect() functions in PHP versions <= 4.4.6. It triggers a local buffer overflow and can also bypass the safe_mode restriction. The exploit is specific to Windows 2000 SP3 EN and uses an SEH overwrite. It was created by rgod as a contribution to MOPB.

Pligg <= 2.0.1 SQL Injection / PWD disclosure / RCE

The exploit allows an attacker to perform SQL injection, disclose passwords, and achieve remote code execution (RCE) in Pligg version 2.0.1 and below. The vulnerability is found in the recover.php file, where user input is not properly sanitized before being used in SQL queries. By manipulating the 'id' and 'n' parameters, an attacker can inject malicious SQL code and retrieve sensitive information or execute arbitrary code. This can lead to unauthorized access, data disclosure, and potential system compromise.

KubeSupport SQL Injection Vulnerability

KubeSupport is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Lian Li NAS Multiple vulnerabilities

1. Hardcoded cookie to access the admin section: The file storlib.js contains a function get_cookie() which checks for the presence of a hardcoded cookie 'LoginUser=admin' in the document's cookies. If the cookie is not found, it redirects to the index.html page. This allows an attacker to bypass authentication by setting the cookie manually.
2. Authentication bypass: By creating the cookie 'LoginUser=admin' and accessing specific URLs, an attacker can gain access to admin features such as enabling/disabling the Telnet server and managing users.

Gallery XML Joomla! Component SQL Injection and Local File Include Vulnerabilities

The Gallery XML Joomla! component is prone to an SQL-injection vulnerability and a local file-include vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker can exploit these vulnerabilities to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. By using directory-traversal strings to execute local script code in the context of the application, the attacker may also be able to obtain sensitive information that may aid in further attacks.

Multiple Cross-Site Scripting and Directory Traversal Vulnerabilities in Firebook

Firebook is prone to multiple cross-site scripting vulnerabilities and directory-traversal vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting these issues will allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, and to view arbitrary local files and directories within the context of the webserver. This may let the attacker steal cookie-based authentication credentials; other harvested information may aid in launching further attacks.

Recent Exploits: