Explore Vulnerabilities

Explore all Exploits:

10-Strike Network Inventory Explorer Pro 9.31 – Buffer Overflow (SEH)

This exploit targets a buffer overflow vulnerability in 10-Strike Network Inventory Explorer Pro version 9.31. By sending a specially crafted payload, an attacker can trigger a buffer overflow condition, potentially allowing for arbitrary code execution.

YouTube Video Grabber 1.9.9.1 – Buffer Overflow (SEH)

This exploit takes advantage of a buffer overflow vulnerability in YouTube Video Grabber version 1.9.9.1. By running Python code, an attacker can trigger the overflow and gain control over the program. The exploit involves opening a malicious file, which leads to the execution of arbitrary code and the creation of a bind shell on port 3110.

Ericsson Network Location MPS – Restrictions Bypass RCE (Meow Variant)

This module exploits an arbitrary command execution vulnerability in Ericsson Network Location Mobile Positioning Systems. The 'export' feature in various parts of the application is vulnerable. It allows command injection that bypasses the application's restrictions.

Gestionale Open 11.00.00 – Local Privilege Escalation

By default, the Authenticated Users group has the Modify permission on Gestionale Open folders and files. A low-privileged account can rename the mysqld.exe file located in the bin folder and replace it with a malicious file that would connect back to an attacking computer, giving SYSTEM-level privileges. Because the service runs as Local System, the malicious file is executed when the computer is restarted. The application also has unquoted service path issues.

Jetty 9.4.37.v20210219 – Information Disclosure

This exploit allows an attacker to retrieve sensitive information from the web.xml file in Jetty versions 9.4.37.v20210219 and 9.4.38.v20210224. By sending a specially crafted HTTP request, an attacker can access the web.xml file, which contains configuration details and potentially sensitive information.

NIMax 5.3.1f0 – ‘VISA Alias’ Denial of Service (PoC)

The NIMax software version 5.3.1f0 is vulnerable to a local denial of service (DoS) attack. By adding a specially crafted alias and triggering the 'ok' button, the application crashes, resulting in a denial of service condition. This PoC demonstrates the vulnerability by creating a file with a large number of 'A' characters and using it as a resource name.

Recent Exploits: