header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

Dlink DIR-600L Hardware Version AX Firmware Version 1.00 CSRF Vulnerability

This Modem's Web Application suffers from Cross-site request forgery through which attacker can manipulate user data via sending him malicious craft url. The Modems's Application not using any security token to prevent it against CSRF. You can manipulate any userdata. PoC and Exploit to change user password:

McAfee Asset Manager v6.6 multiple vulnerabilities

An unprivileged authenticated user can download arbitrary files with the permissions of the web server using the report download functionality. By generating a report, the user's browser will make a request to /servlet/downloadReport?reportFileName=blah. The user can put in a relative directory traversal attack and download /etc/passwd. An unprivileged authenticated user can initiate a SQL injection attack by creating an audit report and controlling the username specified in the audit report.

Hailboards v1.2.0 (phpbb_root_path) Remote File Include Exploit

This exploit takes advantage of a vulnerability in Hailboards v1.2.0 where it allows remote file inclusion. By including a malicious file through the 'phpbb_root_path' parameter, an attacker can execute arbitrary code on the target system. The exploit code is provided in the given link.

mp3info SEH exploit

The process memory region starts with a null byte but exploitation is still possible because of the little endian architecture provided that the return address gets placed at the end of the buffer, this however confines us in the tiny 4-byte area after pop/pop/retn. Using a couple of trampolines, I jumped back to the beginning of the buffer which is 533 bytes, enough to fit a calc payload.

ZoneAlarm Security Suite Buffer Overflow Vulnerability

ZoneAlarm Security Suite is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input when performing virus scans on long directory paths. Remote attackers may leverage this issue to execute arbitrary code with SYSTEM-level privileges and gain complete access to the vulnerable computer. Failed attacks will cause denial-of-service conditions.

ExoPHPDesk <= 1.2.1 (faq.php) Remote SQL Injection Vulnerability

This exploit allows an attacker to perform a remote SQL injection attack on ExoPHPDesk version 1.2.1 through the faq.php file. By manipulating the 'id' parameter in the URL, an attacker can execute arbitrary SQL queries and potentially gain unauthorized access to the database.

Recent Exploits: