header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

Show More

Vtiger CRM 7.1.0 – Remote Code Execution

This application has the vulnerability of uploading files with the extension 'php3' in the logo upload field. But the uploaded file must be in PNG format and size 150X40. We can put PHP code into image source. After you make the extension 'php3', the PHP code that we've placed can work. Therefore, PHP code can be executed using '<? ?>' Tags in PNG format file. I have exploited in 2 different ways. First one uploads a basic php shell for you and lets you control it through the console. Second one uploads the php meterpreter payload to the target site and lets you set this payload.

7.5
CVSS
HIGH
Remote Code Execution
CWE
Product Name
Vtiger CRM
Platforms Tested
XAMPP for Linux 5.6.38-0
Affected Version
From:
v7.1.0
To:
v7.1.0
2018
Show More

ShareAlarmPro 2.1.4 – Denial of Service (PoC)

This exploit creates a file with a large payload, causing the ShareAlarmPro software to crash when attempting to open it. It is a proof-of-concept exploit that demonstrates the vulnerability in the software. The vulnerability allows an attacker to cause a denial of service condition by sending a specially crafted payload to the software.

7.5
CVSS
HIGH
Denial of Service
CWE
Product Name
ShareAlarmPro
Platforms Tested
Windows 7 SP1 x86
Affected Version
From:
ShareAlarmPro 2.1.4
To:
ShareAlarmPro 2.1.4
2018
Show More

MAGIX Music Editor 3.1 – Buffer Overflow (SEH)

This exploit takes advantage of a buffer overflow vulnerability in MAGIX Music Editor 3.1. By providing a specially crafted input, an attacker can overflow a buffer and overwrite the Structured Exception Handler (SEH) to gain control of the program flow. This allows the attacker to execute arbitrary code, such as launching a calculator application.

7.5
CVSS
HIGH
Buffer Overflow
Buffer Overflow
CWE
Product Name
Music Editor
Platforms Tested
Windows 7 SP1 x86
Affected Version
From:
3.1
To:
3.1
2018

Recent Exploits:

RDPGuard 9.9.9 – Privilege Escalation

author
Ahmet Ümit BAYRAM
vendor
RDPGuard
severity
6.1
HIGH

YesWiki Unauthenticated Path Traversal

author
Al Baradi Joy
vendor
YesWiki
severity
7.1
HIGH

ABB Cylon Aspect 3.08.02 Stored Cross-Site Scripting Vulnerability

author
Gjoko 'LiquidWorm' Krstic
vendor
ABB Ltd.
severity
6.1
HIGH

Apache ActiveMQ 6.1.6 – Denial of Service (DOS)

author
Abdualhadi khalifa
vendor
Apache
severity
6.1
HIGH

GeoVision GV-ASManager 6.1.1.0 – CSRF

author
Giorgi Dograshvili [DRAGOWN]
vendor
GeoVision
severity
6.1
HIGH

ABB Cylon FLXeon 9.3.4 WebSocket Command Spawning Vulnerability

author
Zero Science Lab
vendor
ABB Ltd.
severity
6.1
HIGH

GestioIP 3.5.7 – Stored Cross-Site Scripting Vulnerability

author
m4xth0r (Maximiliano Belino)
vendor
GestioIP
severity
6.1
HIGH

Cacti 1.2.26 – Remote Code Execution (RCE) (Authenticated)

author
D3Ext
vendor
Cacti
severity
6.1
HIGH

Exclusive Addons for Elementor ≤ 2.6.9 – Authenticated Stored Cross-Site Scripting (XSS)

author
Al Baradi Joy
vendor
exclusiveaddons
severity
5.1
MEDIUM

Kentico Xperience 13.0.178 – Cross Site Scripting (XSS)

author
Alex Messham
vendor
Kentico
severity
6.1
HIGH

Navigation

Suggest Exploit

Services By CQR