header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

Broadlight Residential Gateway DI3124 Unauthenticated Remote DNS Change

Broadlight Residential Gateway DI3124 is vulnerable to unauthenticated remote DNS change. An attacker can exploit this vulnerability by sending a malicious GET request to the target server. The malicious request will change the DNS server of the target device to the attacker's DNS server. This will allow the attacker to intercept the traffic of the target device.

Acoustica Pianissimo 1.0 Build 12 (Registration ID) Buffer Overflow PoC

The vulnerability is caused due to a boundary error in the processing of a user input in the registration id field of the registration procedure, which can be exploited to cause a buffer overflow when a user inserts long array of string for the ID. Successful exploitation could allow execution of arbitrary code on the affected machine.

IO Port Access Vulnerability

This vulnerability allows an attacker to gain access to the I/O ports of a system, which can be used to gain access to privileged information or to execute malicious code. The vulnerability is caused by the use of the iopl() function in the code, which allows an attacker to gain access to the I/O ports of a system. The code also contains a loop that can be used to push data into the FIFO register, which can be used to gain access to privileged information or to execute malicious code.

Exploit for D-Link DSL-500B G2 Cross Site Scripting (XSS Injection) Stored in todmngr.tod URL Filter

This exploit disables some features of the modem, forcing the administrator of the device, accessing the page to reconfigure the modem again, occurring script execution in the browser of internal network users.

CSRF and Stored XSS Vulnerability in Ultimate Profile Builder WordPress Plugin

This plugin is vulnerable to a combination of CSRF/XSS attack meaning that if an admin user can be tricked to visit a crafted URL created by attacker (via spear phishing/social engineering), the attacker can insert arbitrary script into admin page. Once exploited, admin's browser can be made to do almost anything the admin user could typically do by hijacking admin's cookies etc.

Recent Exploits: