header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

WordPress 2.1.3 “admin-ajax.php” SQL Injection Blind Fishing Exploit

This exploit targets WordPress version 2.1.3 and takes advantage of a SQL injection vulnerability in the "admin-ajax.php" file. The exploit allows an attacker to extract sensitive information from the WordPress database using blind fishing technique. The exploit was written by Janek Vind "waraxe" and was published on May 21, 2007.

Memory Corruption Issues in Comodo Antivirus Emulator

The x86 emulator in Comodo Antivirus can be exploited by triggering emulation through methods like sending an email or visiting a website. The emulator has memory corruption issues and also implements shims for Win32 API calls, some of which run as NT AUTHORITYSYSTEM. One example is the USER32!GetKeyState shim.

Sysax Multi Server 6.50 HTTP File Share SEH Overflow RCE Exploit

This is a post authentication exploit that requires the HTTP file sharing service to be running on Sysas Multi Server 6.50. The SID can be retrieved from your browser's URL bar after logging into the service. Once exploited, the shellcode runs with SYSTEM privileges. In this example, we attack folder_ in dltslctd_name1.htm. The root path of the user shouldn't break the buffer offset in the stack, though the user will need to have permission to delete folders. If the user has file delete permissions, file_ will work as well. mk_folder1_name1 is also vulnerable with a modified buffer, so this same exploit can be modified to adapt to a users permissions.

AlstraSoft Template Seller Pro <= 3.25 Admin Password Change Exploit

This is an exploit for AlstraSoft Template Seller Pro <= 3.25 that allows an attacker to change the admin password. The exploit takes advantage of a vulnerability in the checkLogin function in include/main.php. By providing a valid admin ID and a new password, the attacker can change the admin password.

WordPress Plugin Abtest – Local File Inclusion

The Wordpress Plugin Abtest is vulnerable to Local File Inclusion. The vulnerability allows an attacker to include local files on the server by manipulating the 'action' parameter in the 'abtest_admin.php' file. This can lead to unauthorized access to sensitive files and potential remote code execution.

AlstraSoft Live Support v1.21 Admin Credential Retrieve Exploit

This exploit allows an attacker to retrieve admin credentials from the AlstraSoft Live Support v1.21 application. The vulnerable code is located in common.php and does not include an exit function after the header() function, allowing the attacker to extract the admin credentials.

Recent Exploits: