header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

Count Per Day WordPress plugin SQL Injection Vulnerability

The SQL Injection vulnerability in the Count Per Day WordPress plugin allows remote attackers with administrative privileges to execute arbitrary SQL commands and gain control of sensitive information in the application's database. The vulnerability is caused by insufficient filtration of input data passed via the 'cpd_keep_month' HTTP POST parameter to the '/wp-admin/options-general.php' script. An attacker can exploit this vulnerability through a CSRF vector since the application does not check the origin of HTTP requests.

Foxit Reader PNG Conversion Parsing tEXt chunk – Arbitrary Code Execution

This is a PoC (ASLR/DEP bypass) For ASLR bypass jrsysCrypt.dll is used, which doesn't make use of ASLR For DEP bypass a ropchain is used which call ZwProtectVirtualMemory through fastsyscall. This script looks for a tEXt chunk in a png file and replace this chunk with two other tEXt chunks. The first of them triggers the vulnerability and the second one contains a ropchain and shellcode.

eXtremail 2.1.1 remote root POC

This is a proof-of-concept exploit for a remote root vulnerability in eXtremail version 2.1.1. The vulnerability is caused by a DNS parsing bug. By sending a specially crafted DNS packet, an attacker can gain remote root access to the system. The exploit has been tested on eXtremail versions 2.1.0 and 2.1.1 for Linux.

Recent Exploits: