header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

Carel PlantVisor directory traversal vulnerability

The Carel PlantVisor software version <= 2.4.4 is affected by a directory traversal vulnerability that allows an attacker to download files located on the disk where the software is installed. The vulnerability supports both slash and backslash and their HTTP encoded values.

Dameware Mini Remote Control Username Stack Buffer Overflow

This module exploits a stack based buffer overflow vulnerability found in Dameware Mini Remote Control v4.0. The overflow is caused when sending an overly long username to the DWRCS executable listening on port 6129. The username is read into a strcpy() function causing an overwrite of the return pointer leading to arbitrary code execution.

WFTPD Pro Server 3.21 MLST DoS Exploit

This exploit targets the WFTPD Pro Server 3.21 and causes a Denial of Service (DoS) by sending a specially crafted MLST command. It fills the buffer with 'A's and sends the command repeatedly, increasing the size of the buffer each time. This exploit can crash the server and render it unavailable.

PhpHostBot <= 1.06 (svr_rootscript) Remote File Inclusion Vulnerability

Input passed to the "svr_rootscript" parameter in order/login.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local or external resources. Successful exploitation requires that "register_globals" is enabled.

DNS Cache Poison v0.3beta

This is a Python script that performs DNS cache poisoning. It is based on the Amit Klein paper: http://www.trusteer.com/docs/bind9dns.html. The script predicts the next transaction ID for DNS queries and attempts to poison the cache with malicious responses. The output of the script includes the time, IP, port, ID, query, number of good predicted IDs, and number of errors.

CartWeaver SQL Injection Vulnerability

The CartWeaver application is vulnerable to SQL injection attacks in the Details.cfm page, specifically in the ProdID parameter. An attacker can manipulate the ProdID parameter to execute arbitrary SQL queries. This can lead to unauthorized access, disclosure of sensitive information, and potential compromise of the application and its data.

Recent Exploits: