header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

Truecrypt 7 Derived Code/Windows: Drive Letter Symbolic Link Creation EoP

The Windows driver used by projects derived from Truecrypt 7 (verified in Veracrypt and CipherShed) are vulnerable to a local elevation of privilege attack by abusing the drive letter symbolic link creation facilities to remap the main system drive. With the system drive remapped it’s trivial to get a new process running under the local system account.

Kaseya VSA uploader.aspx Arbitrary File Upload

This module exploits an arbitrary file upload vulnerability found in Kaseya VSA versions between 7 and 9.1. A malicious unauthenticated user can upload an ASP file to an arbitrary directory leading to arbitrary code execution with IUSR privileges. This module has been tested with Kaseya v7.0.0.17, v8.0.0.10 and v9.0.0.3.

Pre Classifieds Listings v1.0 Remote SQL Injection

This vulnerability allows an attacker to perform a SQL injection attack on the Pre Classifieds Listings v1.0 website. By manipulating the 'category' parameter in the search.php page, the attacker can inject SQL code to retrieve sensitive information such as passwords or usernames from the 'users' table.

LanSpy Buffer Overflow Vulnerability

LanSpy.exe is prone to a buffer overflow vulnerability. This vulnerability occurs when a malicious 'addresses.txt' file is loaded by the application. The payload for the buffer overflow must be the very first entry in the text file. When the application is run and the scanning process is initiated, the program crashes, allowing an attacker to control the EIP at 684 bytes and overwrite both the NSEH & SEH exception handler pointers.

PHP Coupon Script 3.0 Remote SQL Injection

The exploit allows an attacker to perform a remote SQL injection attack on the PHP Coupon Script 3.0. By manipulating the 'bus' parameter in the 'index.php?page=viewbus' page, the attacker can inject SQL code to retrieve sensitive information from the database, such as usernames and passwords.

FTGate v7 Cross Site Request Forgery (CSRF) Vulnerability

Multiple CSRF vectors exist within FTGate v7 allowing various attacks like adding arbitrary domains, enabling arbitrary remote archiving of logs, whitelisting arbitrary email addresses, adding arbitrary mailbox & disabling antivirus, and removing email attachment blocking for files.

Open Translation Engine (OTE) 0.7.8 (header.php ote_home) Remote File Include

The vulnerability allows an attacker to include a remote file in the header.php file of the Open Translation Engine (OTE) version 0.7.8. By exploiting this vulnerability, an attacker can execute arbitrary code on the target system.

FTGate 2009 CSRF Vulnerability

Multiple CSRF vectors exist within FTGate 2009 that allow us to add arbitrary remote domains, disable antivirus scanning for various Email file attachment types, and finally change settings to have archived server logs sent to our remote attacker controlled server for safe keeping.

Recent Exploits: