header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

BlazeVideo HDTV Player Stack-based Buffer Overflow

BlazeVideo HDTV Player is prone to a stack-based buffer-overflow vulnerability because the application fails to handle malformed playlist files. An attacker can exploit this issue to execute arbitrary code within the context of the application or to trigger a denial-of-service condition.

Remote exploit for the CA BrightStor msgeng.exe service heap overflow vulnerability

The exploit overwrites the UnhandledExceptionFilter in Windows 2000 SP0 with the address of call dword ptr [esi +4C] located in user32.dll. At the time when UEF is called esi +4C contains a pointer to the shellcode. The exploit opens a shell on TCP port 4444.

EasyE-Cards Multiple Input-Validation Vulnerabilities

EasyE-Cards is prone to multiple input-validation vulnerabilities, including an SQL-injection issue and multiple cross-site scripting issues, because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

ALLPlayer M3U Buffer Overflow

This module exploits a stack-based buffer overflow vulnerability in ALLPlayer 2.8.1, caused by a long string in a playlist entry. By persuading the victim to open a specially-crafted .M3U file, a remote attacker could execute arbitrary code on the system or cause the application to crash. This module has been tested successfully on Windows 7 SP1.

Drunken:Golem Gaming Portal (root_path) Remote File Include Exploit

This exploit allows an attacker to remotely include a file in the Drunken:Golem Gaming Portal, version 1.2. By manipulating the 'root_path' parameter in the 'phpIRC.php' script, an attacker can execute arbitrary code on the target system. The exploit uses a shell located at 'http://pang0.by.ru/shall/pang057.zz' to execute commands.

Recent Exploits: