header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

Zahir Enterprise Plus 6 Stack Buffer Overflow

This module exploits a stack buffer overflow in Zahir Enterprise Plus version 6 build 10b and below. The vulnerability is triggered when opening a CSV file containing CR/LF and overly long string characters via Import from other File. This results in overwriting a structured exception handler record.

Cisco Prime Infrastructure Unauthenticated Remote Code Execution

Cisco Prime Infrastructure (CPI) contains two basic flaws that when exploited allow an unauthenticated attacker to achieve remote code execution. The first flaw is a file upload vulnerability that allows the attacker to upload and execute files as the Apache Tomcat user; the second is a privilege escalation to root by bypassing execution restrictions in a SUID binary. This module exploits these vulnerabilities to achieve unauthenticated remote code execution as root on the CPI default installation.

TOWeLS version 0.1 (scripture.php) Remote File Inclusion Vulnerability

The vulnerability allows an attacker to include a remote file on the vulnerable server. In this case, the vulnerability exists in the scripture.php file of TOWeLS version 0.1. By manipulating the 'pageHeaderFile' parameter, an attacker can include a malicious file hosted on a remote server.

ISPConfig < 3.1.13 - Remote Command Execution

There is an include on almost all the php files, which includes the language template. The vulnerability allows an attacker to execute arbitrary commands on the server by manipulating the language parameter. By exploiting this vulnerability, an attacker can compromise the entire clients of the ISPConfig.

PHP 5.x COM functions safe_mode and disable_function bypass

This exploit allows an attacker to bypass the safe_mode and disable_function restrictions in PHP 5.x COM functions, potentially leading to remote code execution and compromise of the server. The vulnerability can be exploited both locally and remotely, with remote execution requiring a server that is MS-based and configured to work with PHP. The exploit takes advantage of the fact that the script is executed from a client that does not check Windows protections against execution of dangerous COM objects. The exploit works on Windows servers running Apache and PHP, and has been tested on Windows XP Pro SP2.

Recent Exploits: