header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

PHP Server Monitor 3.1.1 Cross Site Request Forgery (CSRF) Vulnerability

Multiple CSRF issues in PHP Server Monitor allow remote attackers to add arbitrary users & servers to the system, modify system configurations and delete arbitrary servers, if user (admin) is logged in and visits our malicious website or clicks on our infected links. As no CSRF protection is used in the application, we can make requests on the victim's behalf and the server will happily oblige processing our malicious HTTP requests.

Max Forum Multiple Input-Validation Vulnerabilities

Max Forum is prone to multiple input-validation vulnerabilities including a PHP code-execution vulnerability, a local file-include vulnerability and an information-disclosure because it fails to properly sanitize user-supplied input.An attacker can exploit these issues to inject arbitrary PHP code and include and execute arbitrary files from the vulnerable system in the context of the affected application and to obtain sensitive information that may aid in further attacks.

East Wind Software (advdaudio.ocx v. 1.5.1.1) ‘OpenDVD’ method Local Buffer Overflow

The 'OpenDVD' method in East Wind Software (advdaudio.ocx v. 1.5.1.1) is vulnerable to a local buffer overflow. An attacker can exploit this vulnerability to execute arbitrary code or crash the application.

Unprivileged Application Access to Email Content on Samsung S6 Edge

The SecEmailComposer/EmailComposer application used by the Samsung S6 Edge has an exported service action to do quick replies to emails. This action requires no permissions to call, allowing an unprivileged application to gain access to email content.

Exynos Seiren Audio Driver Buffer Overflow Vulnerability

The Exynos Seiren Audio driver has a buffer overflow vulnerability in the write() implementation, allowing for memory corruption. The vulnerability can be triggered by writing to the device endpoint (/dev/seiren) with a user-supplied buffer that is not adequately bounds checked.

NPDS <= 5.10 - Remote Code Execution exploit

Security holes were found in NPDS 5.10. N°1: Sql Injection in cookies (File Mainfile.php lines 655 to 691). No check is carried out on nicknames or Id which can allow an attacker to modify a SQL request so as to obtain data. N°2: SQL Injection due to a bad use of "X_FORWARDED_FOR" (file Mainfile.php lines 88 to 110). NPDS uses the HTTP header "X_FORWARDED_FOR" which normally contains the IP adress of a person using a non anonymous proxy. This Ip address is used in a SQL resquest without appropriate filtering, and an attacker can define "X_FORWARDED_FOR" insering malicious SQL code.

Recent Exploits: