Explore Vulnerabilities

Explore all Exploits:

Integer Overflow Vulnerability in Grassroots DICOM (GDCM) Library

GDCM versions 2.6.0 and 2.6.1 are prone to an integer overflow vulnerability which leads to a buffer overflow and potentially to remote code execution. The vulnerability is triggered by the exposed function gdcm::ImageRegionReader::ReadIntoBuffer, which copies DICOM image data to a buffer. ReadIntoBuffer fails to detect the occurrence of an integer overflow, which leads to a buffer overflow later on in the code.

Webdesproxy Remote Root Exploit

This exploit takes advantage of an uninitialized pb structure variable on .bss to execute arbitrary commands with root privileges. It uses the reverse connect-back method and targets systems running Fedora Core 6 with exec-shield enabled. The exploit modifies the arguments passed to execle() to execute a command of the attacker's choice. It also searches for 8 bytes of null from the stack to define an environment variable. The exploit requires 13 ret (pop %eip) codes to reach the desired stack position. It has been tested on Fedora Core 6 with webdesproxy version 0.0.1.

Clever Database Comparer ActiveX version 2.2 Remote Buffer Overflow Exploit

This exploit targets Clever Database Comparer ActiveX version 2.2. By sending a specially crafted request, an attacker can cause a buffer overflow, leading to remote code execution.

News 2.0 (newsadmin.php) Remote File Include Vulnerabilities

The vulnerability allows an attacker to include and execute arbitrary files from remote servers by exploiting the 'newsadmin.php' script. By manipulating the 'action' parameter in the URL, an attacker can specify the file to be included and executed. In this case, the exploit uses the 'shell' file as the payload.

Remote CVS <= 1.11.15 exploit for the error_prog_name double free vuln.

The vulnerability lies in the serve_argumentx function. The Argumentx command parameter is used to append data to a previously supplied Argument command. These data pointers are stored in the argument_vector array. serve_argumentx fails to check whether an Argument command is present in argument_vector and may append data to a pointer that should not be touched at all, in our case the *error_prog_name string. The function calls realloc to create space for the new string. Because realloc is called to store strlen(error_prog_name) + strlen(somedata), the original chunk, which stores just error_prog_name, gets freed. This freed chunk is freed once again after we disconnect from the CVS pserver.

RealPlayer Memory Corruption in Latest Version 16.0.3.51

RealPlayer is prone to a memory-corruption vulnerability. An attacker can leverage this issue to crash the affected application, causing a denial-of-service condition. Due to the nature of this issue, arbitrary code execution may be possible but this has not been confirmed.

Recent Exploits: