header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

CVE-2017-14494

The exploit allows an attacker to cause a denial of service (DoS) by sending a specially crafted packet to the dnsmasq DHCPv6 server. By exploiting this vulnerability, an attacker can crash the server, causing a loss of service for legitimate users.

Mercury Mail Transport System Remote Stack Based Overflow

There is a remotely exploitable stack based buffer overrun in the latest version of Mercury Mail Transport System. Specifically the SMTP Server does not properly handle long AUTH CRAM-MD5 strings resulting in a complete compromise of the underlying system.

PHP Multi Vendor Script v1.02 – ‘sid’ Parameter SQL Injection

The PHP Multi Vendor Script v1.02 is vulnerable to a SQL Injection attack on the 'sid' parameter. An attacker can manipulate the 'sid' parameter to inject malicious SQL queries, potentially gaining unauthorized access to the database and executing arbitrary commands.

Diskeeper Remote Memory Disclosure

This vulnerability involves a memory comparison function that is remotely accessible via the remote procedure call in the Diskeeper administrative interface. By making use of shared user memory at 0x7FFE0000, an attacker can learn information such as Windows drive, path, and version. Additionally, an attacker can also get the name, path, version, and base address of all loaded modules in the process, defeating address space randomization (ASLR) in Windows Vista.

GetMyOwnArcade (search.php) ($query) SQL-Injection

The vulnerability exists in the 'query' parameter of the search.php page in GetMyOwnArcade. The parameter is not properly filtered before being used in a database query, allowing an attacker to inject malicious SQL code. By using the UNION-SELECT technique, an attacker can extract sensitive information such as usernames and passwords from the database.

0-day EDraw Office Viewer Component 5.1 (officeviewer.ocx v. 5.1.199.1) “HttpDownloadFile()” Insecure Method

The EDraw Office Viewer Component 5.1 (officeviewer.ocx v. 5.1.199.1) is vulnerable to an insecure method called "HttpDownloadFile()". This vulnerability allows an attacker to download arbitrary files from a remote server to a user's machine by exploiting this insecure method.

Ground Control <= 1.0.0.7 server/client crash

This exploit allows an attacker to crash the Ground Control server or client. The attack can be performed by broadcasting a message to all clients or directly targeting a specific server. The attacker must specify the IP or hostname of the server. The vulnerability is caused by a buffer overflow when processing certain packets. By sending a specially crafted packet, an attacker can trigger the crash. This vulnerability affects Ground Control versions up to 1.0.0.7.

Easy Chat Server Remote DoS Exploit

Easy Chat Server has a built-in web server that allows users to log in. The login page has a maximum character limit of 30 for the Name and Password fields. If an attacker inserts a long Name and Password by editing or creating their own login page, the chat server will crash.

Recent Exploits: