header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

Oracle Database local elevation of privileges PoC exploit

This is a proof-of-concept exploit for a local elevation of privileges vulnerability in Oracle Database. The exploit takes advantage of a shared section and injects shellcode to execute a command prompt. The vulnerability allows an attacker to gain elevated privileges on the affected system.

SQL Injection vulnerability in AneCMS

AneCMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Nagios XI Multiple Cross-Site Scripting Vulnerabilities

Nagios XI is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Cacti Cross-Site Scripting and HTML Injection Vulnerabilities

Cacti is prone to cross-site-scripting and HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

HTML-injection vulnerability in Syntax Highlighter

The Syntax Highlighter is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

HTML Injection vulnerability in Flock Browser

Flock Browser is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

NukeSentinel <= 2.5.06 SQL Injection (mysql >= 4.0.24) Exploit

This exploit allows an attacker to perform SQL injection on NukeSentinel version 2.5.06 or lower with MySQL version 4.0.24 or higher. The exploit takes advantage of the disable_switch and track_active settings in the CMS. The exploit is based on the server response time and can be used with options like -debug, -benchmark, and -truetime for troubleshooting.

raped.c

This exploit is a denial of service (DoS) attack that sends a flood of UDP packets to a specified IP address and port. It uses a string named 'shit' to send the packets. The amount of packets sent can be specified, as well as the port and delay between packets. The code also includes a signal handler to display statistics when the program is terminated.

Recent Exploits: