header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

EDraw Office Viewer Component Denial of Service Exploit

This exploit targets EDraw Office Viewer Component (edrawofficeviewer.ocx) version 4.0.5.20. By sending a specially crafted HTTP request, an attacker can cause a denial of service condition on systems running this vulnerable component. The exploit involves creating a large buffer and passing it as a parameter to the HttpDownloadFile method of the ActiveX object.

MS16-016 mrxdav.sys WebDav Local Privilege Escalation

This module exploits the vulnerability in mrxdav.sys described by MS16-016. The module will spawn a process on the target system and elevate it's privileges to NT AUTHORITYSYSTEM before executing the specified payload within the context of the elevated process.

Zenturi ProgramChecker ActiveX (sasatl.dll) Arbitrary file download/overwrite Exploit

Using the 'DownloadFile' method, this exploit allows downloading any file on a PC. The provided example downloads a txt file, but it can also overwrite critical system files like cmd.exe.

InstantHMI – EoP: User to ADMIN

During a standard installation of InstantHMI, the installer automatically creates a folder named "IHMI-6" in the root drive with incorrect default permissions. AUTHENTICATED USERS are given WRITE permission, allowing them to replace binaries or plant malicious DLLs to obtain elevated, administrative level privileges.

Hide.Me VPN Client – EoP: User to SYSTEM

The Hide.Me VPN Client installer creates a folder with insecure permissions, allowing any user to gain write access. This can be exploited by replacing binaries or planting malicious DLLs to elevate privileges from a regular user to SYSTEM. By overwriting the service executable, vpnsvc.exe, an attacker can achieve code execution with the highest privileges.

Vizayn Urun Tanitim Sistemi v0.2 (tr) Remote SQL Injection Vulnerability

This vulnerability allows an attacker to perform a remote SQL injection attack on the Vizayn Urun Tanitim Sistemi v0.2 (tr) script. By manipulating the 'id' parameter in the 'default.asp' file, an attacker can retrieve sensitive information from the admin table, including the admin username, password, and email address.

Usermode Audio Subsystem Privilege Escalation

The usermode audio subsystem for the "Samsung Android Professional Audio" is based on JACK, which appears to be designed for single-user usage. The shared memory implementation allows any application to access/modify/map shared memory pages used by JACK, regardless of which application created those shared memory pages. This allows an attacker to corrupt the internal state of shared-memory backed objects and modify values without validation, potentially leading to privilege escalation.

Pheap 2.0 Admin Bypass/Remote Code Execution

This exploit allows an attacker to bypass user authentication and potentially execute remote code on a Pheap 2.0 server. The exploit takes advantage of a user verification routine that compares a cookie value to the admin's username. If the cookie value does not match the username, the user is redirected to the login page. By knowing the admin's username, an attacker can access any page that uses this authentication method and retrieve all credentials in clear-text. The exploit script provided allows for either credential disclosure or remote code execution.

Recent Exploits: