header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

ZTE ZXV10 W300 v3.1.0c_DR0 – UI Session Delete Vulnerability

A session vulnerability has been discovered in the official ZTE Corporation ZXV10 W300 v3.1.0c_DR0 modem hardware. The security vulnerability allows remote attackers to block/shutedown or delete network settings and components. Attackers can request via GET method the /Forms/home_lan_1 path and the modem will delete all the LAN configurations automatically.

Garennes 0.6.1 <= Remote File Include Vulnerabilities

The Garennes version 0.6.1 is vulnerable to Remote File Include. This vulnerability allows an attacker to include remote files by exploiting the 'repertoire_config' parameter in various PHP files. The attacker can specify a malicious file as the value of the 'repertoire_config' parameter, leading to arbitrary code execution.

RuubikCMS Multiple Vulnerabilities

Attackers can steal cookie-based authentication credentials, execute arbitrary script code in the browser, and retrieve arbitrary files from the affected system. This can lead to the disclosure of sensitive information and other possible attacks.

Remote Denial-of-Service Vulnerability in Mosh

The Mosh application is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue by sending specific input to the affected application, causing it to crash or enter an endless loop. This denial-of-service attack can result in a denial of service for legitimate users of the application.

ProFTPD 1.3.0/1.3.0a (mod_ctrls) Local Overflow Exploit (exec-shield)

This exploit targets a vulnerability in ProFTPD version 1.3.0 and 1.3.0a. The vulnerability is present in the mod_ctrls module and can be exploited locally. By exploiting this vulnerability, an attacker can execute arbitrary code with elevated privileges. The exploit uses the exec-shield technique to bypass security measures.

OpenFTPD Format String Exploit

This exploit targets a format string bug in the OpenFTPD software. The exploit allows for remote code execution by hijacking the jumpslot for fclose() and using the retaddr from argv[3] to execute arbitrary code. The shellcode is passed through the 'site msg' command, specifically the 'site msg read X' command, where X is the shellcode. This exploit has been tested on the most current version of OpenFTPD.

QDBlog v0.4 – MULTIPLE VULNERABILITIES

The QDBlog v0.4 application is vulnerable to SQL Injection and Local File Inclusion attacks. The SQL Injection vulnerability allows an attacker to bypass the admin access authentication and gain unauthorized access to the administration panel. The Local File Inclusion vulnerability allows an attacker to include arbitrary local files, potentially leading to remote code execution or information disclosure.

filezilla 3.11.0.2 sftp module denial of service vulnerability

SFTP module for FileZilla, based on Putty's PSFTP component, is vulnerable to a denial of service attack. When performing the SSH DH group exchange old style, if the server sends a malformed DH group exchange reply, it can cause the FileZilla component to crash.

Recent Exploits: