Explore Vulnerabilities

Explore all Exploits:

Zeta Components Mail Package Arbitrary Command Execution

It is possible to execute arbitrary shell commands on the remote server by exploiting a vulnerability in the Mail package for Zeta Components. The vulnerability exists in the send method of the ezcMailMtaTransport class. By injecting a payload in the mail body and assigning a specific email address, an attacker can pass extra parameters to the sendmail function, allowing the execution of arbitrary commands.

Microsoft Edge Chakra WeaklyReferencedKeyDictionary FindEntry Function Crash

This vulnerability allows an attacker to crash the Microsoft Edge browser by exploiting a flaw in the Chakra JavaScript engine. The issue occurs in the JsUtil::WeaklyReferencedKeyDictionary::FindEntry function, where an uninitialized memory read can lead to a NULL pointer dereference and cause a crash.

Alpha Centauri Software SIDVault LDAP Server remote root exploit (0days)

This is a remote root exploit for the Alpha Centauri Software SIDVault LDAP Server. It allows an attacker to gain root access to the server. The exploit uses a buffer overflow vulnerability to execute arbitrary code on the target system. It includes shellcode that will spawn a root shell. The exploit targets the JMP ESP address in Ubuntu's linux-gate.so library.

PHP Perl Extension Safe_mode Bypass Exploit

This exploit allows an attacker to bypass safe mode restrictions in PHP by leveraging the PHP Perl extension. The attacker can execute arbitrary commands on the target system by providing a command through the 'cmd' parameter in the GET request. The exploit checks whether the Perl extension is loaded; if the 'cmd' parameter is empty, it sets a default command based on the operating system. The Perl extension is then used to execute the command, and the output is displayed in a textarea element on the page. The 'cmd' parameter is also sanitized to prevent HTML injection.

Mako Server v2.5 OS Command Injection RCE

This module exploits a vulnerability found in Mako Server v2.5. It is possible to inject arbitrary OS commands in the Mako Server tutorial page through a PUT request to save.lsp. Attacker input is saved on the victim's machine and can be executed by sending a GET request to manage.lsp.

SunShop v4.0 RC 6 Blind SQL Injection

The SunShop v4.0 RC 6 search script is vulnerable to blind SQL injection in the s[cid] parameter. An attacker can inject SQL code to exploit this vulnerability. The vendor has released a solution in version 4.0.1. The script allows the attacker to retrieve the username or password from the admin table.

Recent Exploits: