Explore Vulnerabilities

Explore all Exploits:

VCDGEAR 3.50 Stack-based Buffer Overflow Vulnerability

VCDGEAR 3.50 is prone to a stack-based buffer overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input. An attacker can exploit this issue to execute arbitrary code in the context of the application. Failed exploit attempts will result in a denial-of-service condition.

Total Video Player 1.3.1 (Settings.ini) – SEH Buffer Overflow

This module exploits a buffer overflow in Total Video Player 1.3.1. The vulnerability occurs when opening a malformed Settings.ini file, e.g. in "C:\Program Files\Total Video Player". This module has been tested successfully on Windows XP SP3 (EN).

GE Proficy CIMPLICITY gefebt.exe Remote Code Execution

This module abuses the gefebt.exe component in GE Proficy CIMPLICITY, reachable through the CIMPLICITY CimWebServer. The vulnerable component allows remote BCL files in shared resources to be executed. An attacker can abuse this behaviour to execute a malicious BCL and drop an arbitrary EXE, which can then be executed remotely through the WebView server. This module has been tested successfully on GE Proficy CIMPLICITY 7.5 with the embedded CimWebServer. This module starts a WebDAV server to provide the malicious BCL files. When the target does not have the WebClient service enabled, an external SMB service is necessary.

Forum Livre 1.0 Multiple Remote Vulnerabilities

The Forum Livre 1.0 application is vulnerable to SQL injection and cross-site scripting (XSS) attacks. The SQL injection vulnerability can be exploited by modifying the 'user' parameter in the 'info_user.asp' page. The XSS vulnerability can be exploited by injecting malicious code into the 'palavra' parameter in the 'busca2.asp' page.

GPS 1.2 Content Managing System (print.asp) Remote SQL Injection Vulnerability

The vulnerability exists in the print.asp file of the GPS 1.2 Content Managing System, allowing an attacker to inject SQL queries through the 'id' parameter. This can lead to unauthorized access and retrieval of sensitive information from the userdb table.

DUC NO-IP Local Password Information Disclosure

The DUC application for No-IP is prone to a local information-disclosure vulnerability when it is running on Microsoft Windows. Successfully exploiting this issue allows attackers to obtain potentially sensitive information that may aid in further attacks.

MS07-002 EXCEL Malformed Palette Record Vulnerability DOS POC

A bounds error occurs when parsing the Palette Record, causing a heap overflow. The attack vector is an arbitrary data overwrite on the heap. The result of the heap overflow is denial of service (DoS). The pyExcelerator module needs to be modified to prevent the generation of the Palette Record.

Recent Exploits: