header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

Remote Shell Format String Vulnerability in Axigen eMail Server v2.0 (beta)

This exploit takes advantage of a format string vulnerability in the pop3 service of Axigen eMail Server v2.0 (beta) to execute /bin/sh and bind to port 31337. The exploit uses an optimised format string generated with libforSC, using hhn for writes. The logType for the pop3 service must be set to "system" and the logLevel must have the 4th bit set.

Multiple Security-Bypass Vulnerabilities in Microsoft Internet Explorer

Microsoft Internet Explorer is prone to multiple security-bypass vulnerabilities because it fails to properly handle encoded values in X.509 certificates. Specifically, it fails to properly distinguish integer sequences that are then recognized as CN (common name) elements. Successful exploits allow attackers to perform man-in-the-middle attacks or impersonate trusted servers, which will aid in further attacks.

Vivvo Article Manager v 3.4 Remote Code Execution

The Vivvo Article Manager v 3.4 is vulnerable to remote code execution. By exploiting the './include/db_conn.php' script, an attacker can execute arbitrary code on the server. The vulnerability can be exploited by appending a specially crafted URL parameter 'root' with a shell URL.

webSPELL v4.01.02 (showonly) Remote SQL Injection

This exploit takes advantage of an unquoted variable in the news.php file of webSPELL v4.01.02, allowing for remote SQL injection. The exploit can only be used if the register_globals setting is turned on. It requires the host and path of the target, as well as optional parameters for the user ID and table name. The exploit uses a loop to retrieve the MD5 hash character by character.

VS-Link-Partner <= 2.1 (script_pfad) Remote File Include Exploit

This is a remote file inclusion vulnerability in the VS-Link-Partner version 2.1. The vulnerability allows an attacker to include a remote file by exploiting the 'script_pfad' parameter in the 'functions_inc.php' file. By manipulating the 'gb_pfad' parameter, an attacker can execute arbitrary code on the server.

VS-News-System <= V1.2.1 (newsordner) Remote File Include Exploit

This exploit allows an attacker to include remote files in the VS-News-System version 1.2.1. The vulnerability is present in the 'newsordner' parameter of the 'show_news_inc.php' file. By manipulating the 'newsordner' parameter, an attacker can include a remote file hosted on a different server. This can lead to remote code execution or disclosure of sensitive information.

Recent Exploits: