header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

IMail 2006 and 8.x SMTP Stack Overflow Exploit

This module exploits a stack based buffer overflow in IMail 2006 and 8.x SMTP service. If we send a long strings for RCPT TO command contained within the characters '@' and ':', we can overwrite the eip register and exploit the vulnerable smpt service.

KDPics <= Remote File Include Vulnerability

The vulnerability allows an attacker to include a remote file in the vulnerable PHP script. In this case, the vulnerable file is exif.php in the KDPics/lib/exifer/ directory. By manipulating the 'lib_path' parameter in the URL, an attacker can include a malicious file (Evil.txt) and execute arbitrary commands on the server.

Woltlab Burning Board Lite <= 1.0.2pl3e pms.php / sql injection exploit

This exploit allows an attacker to perform SQL injection in the pms.php file of Woltlab Burning Board Lite version 1.0.2pl3e. The vulnerability exists in the $_POST['pmid'] argument, which is not properly sanitized before being used in database queries. This can be exploited by an attacker to manipulate the database and potentially execute arbitrary SQL commands.

Photo Galerie Standard <= 1.1 (view.php) Remote SQL Injection Vulnerability

The Photo Galerie Standard <= 1.1 (view.php) is vulnerable to a remote SQL injection attack. By manipulating the 'id' parameter in the 'view.php' file, an attacker can execute arbitrary SQL queries on the underlying database. This can lead to unauthorized access, data theft, and other malicious activities.

Microsoft Word 2000 Unspecified Code Execution Vulnerability Exploit (0-day)

When a user opens a specially crafted Word file using a malformed string, it may corrupt system memory in such a way that an attacker could execute arbitrary code. This exploit will execute the command - 'CMD.EXE'.

ezConvert: phpBB ezBoard converter v0.2 (ezconvert_dir) Remote File Include Exploit

This exploit allows an attacker to remotely include a malicious file in the ezConvert PHP script. The vulnerable code is found in the 'config.php' file where the 'ezconvert_dir' parameter is not properly validated before being included. By manipulating this parameter, an attacker can include a remote file and execute arbitrary code on the target system.

Recent Exploits: