
Explore Vulnerabilities


Explore all Exploits:

WordPress MiwoFTP Plugin 1.0.5 <= Arbitrary File Download

The WordPress MiwoFTP Plugin 1.0.5 allows an attacker to download arbitrary files from the server by exploiting a vulnerability in the 'download' action of the 'com_miwoftp' component. By manipulating the 'item' parameter in the URL, an attacker can specify the file they want to download, such as the 'wp-config.php' file.

Apache mod_rewrite off-by-one (Win32) Exploit

This exploit targets the Apache mod_rewrite vulnerability on Win32 systems. It allows an attacker to trigger a buffer overflow through the 'ldap://' parameter in the GET request. The vulnerability was discovered by Mark Dowd and assigned CVE-2006-3747. The exploit does not require any opcodes under Windows and directly runs the attacker's shellcode. The vulnerable Apache versions are 1.3 branch (>1.3.28 and <1.3.37), 2.0 branch (>2.0.46 and <2.0.59), and 2.2 branch (>2.2.0 and <2.2.3). Some compilers may add padding to the stack, which makes the resulting builds non-exploitable.

SmodCMS <= 2.10 (Slownik ssid) Remote SQL Injection Exploit

This exploit allows an attacker to perform a remote SQL injection attack on SmodCMS version 2.10 or below. The vulnerability is located in the 'slownik_module_id' parameter. An attacker can execute arbitrary SQL queries, which can lead to unauthorized access to the database or manipulation of data.

WordPress Ajax Store Locator <= 1.2 SQL Injection Vulnerability

The 'sl_dal_searchlocation_cbf' AJAX function in the WordPress Ajax Store Locator plugin version 1.2 and below is affected by a SQL injection vulnerability. The 'StoreLocation' variable is not sanitized, allowing an attacker to inject malicious SQL queries.

Beryo 2.0 (downloadpic.php chemin) Remote File Disclosure Vulnerability

Beryo 2.0 contains a vulnerability that allows remote attackers to disclose files from the server. By manipulating the 'chemin' parameter in the 'downloadpic.php' script, an attacker can traverse the directory structure and access sensitive files such as the password file ('/etc/passwd'). The vulnerability can be exploited by sending a crafted request to the server with the appropriate path traversal sequence in the parameter value.

FileCOPA FTP Server <= 1.01 (LIST) Remote Buffer Overflow Exploit (2)

We can write some assembly instructions to jump into the shellcode. At the time of the EIP overwrite, ECX points to our whole request (LIST evil). So jumping forward into ECX points to our shellcode.

Recent Exploits: