
Explore Vulnerabilities


Explore all Exploits:

Input-Validation Vulnerabilities in Tiny Java Web Server

Tiny Java Web Server is prone to multiple input-validation vulnerabilities because it fails to adequately sanitize user-supplied input. These vulnerabilities include a directory-traversal vulnerability, an open-redirection vulnerability, and a source code information-disclosure vulnerability. Exploiting these issues can allow an attacker to retrieve arbitrary local files and view directories within the context of the webserver. Information harvested may aid in launching further attacks. A successful exploit may aid in phishing attacks; other attacks may also be possible.

FlashCard Cross-Site Scripting Vulnerability

FlashCard is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

vBulletin <= 3.6.4 inlinemod.php "postids" SQL injection / privilege escalation by session hijacking exploit

The vulnerability exists in the inlinemod.php file in vBulletin <= 3.6.4. It allows for SQL injection and privilege escalation through session hijacking. This exploit requires a Super Moderator account to copy posts among threads and can be launched while the admin is logged into the control panel. It gives the attacker full admin privileges. Please note that this exploit will flood the forum with empty threads as well.

Information Disclosure Vulnerability in Huawei EchoLife HG520

The Huawei EchoLife HG520 is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may lead to further attacks.

Apache ActiveMQ Source Code Disclosure Vulnerability

The vulnerability allows attackers to access source code by exploiting the lack of proper sanitization of user-supplied input in Apache ActiveMQ. By exploiting this vulnerability, an attacker can retrieve arbitrary files from the vulnerable computer in the context of the webserver process, potentially aiding in further attacks.

AlienVault OSSIM av-centerd Command Injection

This module exploits a code execution flaw in AlienVault 4.6.1 and prior. The vulnerability exists in the av-centerd SOAP web service, where the update_system_info_debian_package method uses Perl backticks in an insecure way, allowing command injection.

D-Link hedwig.cgi Buffer Overflow in Cookie Header

This module exploits an anonymous remote code execution vulnerability on several D-Link routers. The vulnerability exists in the handling of HTTP queries to hedwig.cgi that carry long cookie values. This module has been tested successfully on D-Link DIR300v2.14, DIR600 and the DIR645A1_FW103B11 firmware.

MS14-035 Internet Explorer CInput Use-after-free POC

This exploit targets a use-after-free vulnerability in Internet Explorer. It causes a crash when accessing a freed CInput element in the DoReset function of the mshtml module. The vulnerability allows an attacker to execute arbitrary code on a target system.

Symlink Privilege Escalation in Virex

This exploit takes advantage of a symlink vulnerability in Virex to escalate privileges and gain root access on the target system. By creating a symlink to the root crontab file, the attacker can execute arbitrary commands with root privileges. The exploit also sets up a backdoor for future access and drops a root crontab dropper.
