Explore all Exploits:

XCMS CMS Remote Directory Listing & Local File Include Vulnerability

XCMS CMS version 1.1 is affected by remote directory listing and local file inclusion vulnerabilities. The flaws are in the 'Galerie.php' module, where the 'Lang' and 'Ent' parameters are not properly validated before being used in include and opendir functions, respectively. An attacker can exploit this to read arbitrary files on the server and potentially execute malicious code.

MusicDaemon <= 0.0.3 v2 Remote /etc/shadow Stealer / DoS

This exploit allows an attacker to remotely steal the /etc/shadow file from a vulnerable MusicDaemon version 0.0.3. The vulnerability does not require shellcode or return addresses and works by exploiting the lack of authentication and privilege checks in the application. By sending specific commands to the MusicDaemon, an attacker can retrieve sensitive system files such as /etc/shadow.

D-Link wireless router DIR-600M – Cross-Site Request Forgery (CSRF) vulnerability

A Cross-Site Request Forgery (CSRF) vulnerability in the DIR-600M wireless router enables an attacker to perform an unwanted action on a wireless router for which the user/admin is currently authenticated. An attacker who lures an authenticated DIR-600M user to browse a malicious website can exploit CSRF to add a new admin, change the Wi-Fi password, and change other network settings.

Ripe Website Manager Remote File Include Vulnerability

The Ripe Website Manager script (version <= v0.8.9) is vulnerable to remote file inclusion. The vulnerability can be exploited by including arbitrary files via the 'level' parameter in the 'author_panel_header.php' and 'admin_header.php' scripts. An attacker can craft a malicious URL and execute arbitrary code on the target system.

Remote DoS against OpenBSD http server (up to 6.0)

The HTTP daemon shipped with OpenBSD (up to the latest version) is prone to two remote DoS vulnerabilities. The first allows an attacker to consume all the CPU power of the remote server (CPU exhaustion). The second (memory exhaustion) allows an attacker to consume all the RAM and swap space on the remote side. Processes will be killed when swap space runs out, and the system is likely to freeze.

Recent Exploits: