header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

Sagem F@st 3304-V2 Authentication Bypass

The Sagem Fast 3304-V2 router is vulnerable to an authentication bypass bug which allows unprivileged users to modify the preconfigured root password then log in with administrator permissions. The vulnerability can be exploited by running javascript code in the web browser bar. The default URL to access the web management interface is http://192.168.1.1 but this attack can also be performed by an external attacker who connects to the router's public IP address.

Site-Assistant <= v0990(paths[version])Remote File Include Exploit

This exploit allows an attacker to include remote files in the vulnerable application. The vulnerability exists in the 'menu.php' file of Site-Assistant version v0990. By manipulating the 'paths[version]' parameter, an attacker can include arbitrary files from a remote server, potentially leading to remote code execution.

Stack-based Buffer Overflow Vulnerability in NovaStor NovaNET

NovaStor NovaNET is prone to a stack-based buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized buffer. Attackers can exploit this issue to execute arbitrary code within the context of the affected application or cause a denial-of-service condition.

OTSCMS 2.1.5 SQL Injection / XSS

This exploit allows an attacker to perform SQL injection and cross-site scripting (XSS) attacks on OTSCMS version 2.1.5. The vulnerability exists in the 'reply.php' file in the 'mod/PM' directory, specifically in lines 22-26. An attacker can exploit the SQL injection vulnerability by manipulating the 'id' parameter in the 'priv.php' file, allowing them to retrieve sensitive information from the database. The XSS vulnerability can be exploited by injecting malicious JavaScript code into the 'name' parameter in the 'forum.php' file.

Input-validation vulnerabilities in Irokez Blog

These vulnerabilities include a cross-site scripting issue, an SQL-injection issue, and multiple remote file-include issues. Exploiting these vulnerabilities could lead to stealing authentication credentials, executing arbitrary code, compromising the application, accessing or modifying data, or exploiting underlying database vulnerabilities.

Advanced Poll 2.0.0 >= 2.0.5-dev textfile admin session gen.

This exploit allows an attacker to generate an admin session for Advanced Poll version 2.0.0 to 2.0.5-dev. By providing a specific username and password, the attacker can bypass authentication and gain administrative access to the system. The exploit uses the LWP::UserAgent module and performs a POST request to the admin/index.php endpoint. If successful, the exploit retrieves the session ID and provides instructions for accessing the admin panel.

Recent Exploits: