header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

Neturf eCommerce Shopping Cart Cross-Site Scripting Vulnerability

The Neturf eCommerce Shopping Cart is vulnerable to a cross-site scripting (XSS) attack due to inadequate input sanitization. An attacker can exploit this vulnerability by injecting malicious script code into the 'SearchFor' parameter of the 'search.php' page. When an unsuspecting user visits the affected site and performs a search, the injected script code will execute in their browser, allowing the attacker to potentially steal authentication credentials and launch further attacks.

Winamp Buffer Overflow DOS Exploit (0-DAY)

This is a buffer overflow exploit for Winamp Media Player. The exploit is in the form of an executable file (winamp.exe) and a Perl script (winamp.pl). The exploit takes advantage of a buffer overflow vulnerability in Winamp to cause a denial-of-service (DOS) attack. The exploit creates a malicious AVI file (Dr.Trojan.avi) that triggers the buffer overflow when opened in Winamp. The exploit was discovered by the DeltahackingTEAM and the bug was found and exploited by Farzad.Sharifi (Dr.Trojan). The risk level of this vulnerability is high.

Magento CE < 1.9.0.1 Post Auth RCE

This exploit allows an attacker to execute arbitrary commands on a vulnerable Magento CE version < 1.9.0.1 post-authentication. The exploit works by leveraging a vulnerability in the Zend_Log class to pivot into the call_user_exec function and execute a specified command. The payload is constructed as an object of the Zend_Log class with a malicious YAML encoder that allows the execution of the command passed as an argument. The exploit requires authentication and the exact installation date from the local.xml file. It has been tested on Ubuntu 15.

Remote File Inclusion in Joomla 1.5.0 Beta

There is a remote file inclusion vulnerability in Joomla 1.5.0 Beta. The vulnerability exists in the file /libraries/pcl/pcltar.php, specifically on line 74. An attacker can exploit this vulnerability by including a remote file using the 'g_pcltar_lib_dir' parameter. The proof of concept (POC) URL provided demonstrates the vulnerability.

Easy File Management Web Server v5.6 – USERID Remote Buffer Overflow

This exploit allows an attacker to remotely overflow the USERID parameter in Easy File Management Web Server v5.6, leading to arbitrary code execution. The vulnerability was discovered by Tracy Turben and the exploit code is based on the work of superkojiman. The exploit takes advantage of a buffer overflow in the USERID parameter to execute a crafted payload. It uses a pivot technique to redirect execution flow to the crafted payload and then executes a stack-based shellcode to spawn a calculator (calc.exe).

Recent Exploits: