Explore Vulnerabilities

Explore all Exploits:

HP Release Control Authenticated XXE

This module takes advantage of three separate vulnerabilities in order to read an arbitrary text file from the file system with the privileges of the web server. You must be authenticated, but can be unprivileged since a privilege escalation vulnerability is used. Tested against HP Release Control 9.20.0000, Build 395 installed with demo data. The first vulnerability allows an unprivileged authenticated user to list the current users, their IDs, and even their password hashes. You can't log in with the hashes, but the ID is useful in the second vulnerability. When a user changes their password, they post the ID of the user who is going to have their password changed. Just replace it with the admin ID and you change the admin password. You are now admin. The third vulnerability is an XXE in the dashboard XML import mechanism. This is what allows you to read the file from the file system. This module is super ghetto, half because it was an AMF application, half because I worked on it longer than I wanted to.

FTP Voyager <= 14.0.0.3 CWD Remote Stack Overflow

There is a remote stack overflow in FTP Voyager triggered by a long 257 response. After that, if the user hits <abort>, it causes a stack overflow. This vulnerability only results in a denial of service (DoS) and does not allow for code execution.

SafeNet Sentinel Protection Server 7.0 – 7.4 and Sentinel Keys Server 1.0.3 – 1.0.4 Directory Traversal

This script exploits a directory traversal vulnerability in SafeNet Sentinel Protection Server 7.0 - 7.4 and Sentinel Keys Server 1.0.3 - 1.0.4. It allows an attacker to download sensitive files from the target Windows machine, such as registry hives, boot.ini, and win.ini.

TurboFTP 5.30 Build 572 Multiple Remote DoS

The TurboFTP application is vulnerable to multiple remote denial of service attacks. These include handling responses with a large number of newline characters, a heap overflow triggered by a long file name in a LIST command response, and a heap overflow when the application sends a long CWD command. These vulnerabilities can be exploited to cause a denial of service condition on the target system. It is unlikely that code execution is possible with these vulnerabilities.

Online Web Building v2.0 (id) Remote SQL Injection

This exploit allows an attacker to perform SQL injection on the Online Web Building v2.0 (id) application. By injecting SQL code into the 'art_id' parameter of the 'page.asp' page, an attacker can retrieve sensitive information such as usernames and passwords from the 'Users' table.

Advisory ID: HTB23212

High-Tech Bridge Security Research Lab discovered CSRF and Remote Code Execution vulnerabilities in EGroupware, which can be exploited by a remote attacker to gain full control over the application and compromise the vulnerable system.

NukeSentinel 2.5.05 (nsbypass.php) Blind SQL Injection Exploit

This exploit targets NukeSentinel version 2.5.05 and specifically the file 'nsbypass.php'. It allows an attacker to perform blind SQL injection attacks. The exploit requires certain conditions to be met, such as PHP and CMS conditions, and the victim's username and URL. Additional options can be specified, such as whether the victim is an admin or a normal user, the table prefix, the number of hits to try, and proxy settings.

Recent Exploits: