header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

Riverbed SteelCentral NetProfiler & NetExpress Multiple Vulnerabilities

The Riverbed SteelCentral NetProfiler and NetExpress virtual appliances are affected by multiple security vulnerabilities, including authentication bypass, SQL injection, arbitrary code execution, privilege escalation, local file inclusion, account hijacking, and hardcoded default credentials. Details for other low severity vulnerabilities are available in the accompanying PDF. The SQL injection vulnerability allows an attacker to add a user account in the application's PostgreSQL database and bypass authentication. The exploitation of this vulnerability can be replicated from the main web GUI login functionality.

BigTree CMS <= 4.2.11 Authenticated SQL Injection Vulnerability

The submitPageChange function in BigTree CMS <= 4.2.11 is vulnerable to SQL Injection. The function is used twice during development in the following locations: /core/admin/modules/pages/front-end-update.php and /core/admin/modules/pages/update.php. An attacker can exploit this vulnerability by sending a specially crafted HTTP POST request to the /site/index.php/admin/pages/update/ endpoint. The vulnerability allows an authenticated attacker to execute arbitrary SQL queries.

UltraISO <= 8.6.2.2011 local buffer-overflow

This exploit allows an attacker to execute arbitrary code on a vulnerable machine running UltraISO version 8.6.2.2011 or earlier. The exploit takes advantage of a local buffer overflow vulnerability in the software. By providing a specially crafted bin and cue file, an attacker can execute arbitrary code with the privileges of the user running the vulnerable software. This exploit has been tested on Windows XP Service Pack 2. The shell_code used in the exploit is designed to execute the Windows calculator (calc.exe).

Vistered Little 1.6a Remote File Disclosure Vulnerability

The exploit allows an attacker to disclose sensitive files on the server by manipulating the skin parameter in the common.css.php script. By using directory traversal techniques, the attacker can access files outside the web root directory, such as the /etc/passwd file.

Recent Exploits: