7 Sticky Notes v1.9 allows OS command injection via the 'Alarms' feature. By setting an alarm with a malicious command in the 'Action' field, an attacker can execute arbitrary commands on the underlying operating system.
This module exploits an arbitrary PHP code execution flaw in Limbo version 1.*. All unpatched Limbo 1.x versions are affected.
Mocha W32 LPD is prone to a remote buffer-overflow vulnerability because the software fails to perform adequate boundary checks on user-supplied data. Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition.
This exploit targets the PrecisionID Barcode ActiveX control version 1.9 in Internet Explorer 6. By sending a specially crafted input, an attacker can cause a denial of service condition. The exploit has been tested on Windows XP Professional SP2 with all patches applied and Internet Explorer 6. Other software that uses this ActiveX control may also be vulnerable.
This exploit allows an attacker to perform a Denial of Service attack on a target running TinyWeb version 1.9. It sends multiple requests to the target's /cgi-bin/.%00./dddd.html URL, causing the server to become unresponsive.
A vulnerability in 4images 1.9 allows an authenticated administrator user to execute arbitrary code on the server by uploading a malicious template. To exploit the vulnerability, an attacker must first log in as an administrator user, then browse to General -> Edit Templates -> Select Template Pack -> default_960px -> Load Theme. The attacker then selects the template categories.html and inserts a reverse shell payload. After clicking Save Changes, the attacker browses to http://host/4images/categories.php?cat_id=1 and a reverse shell is established.
This exploit allows a remote attacker to overwrite the system.ini file on a vulnerable system. It is triggered by a malicious user clicking a button on a webpage containing the exploit code. The exploit code is written in VBScript.
phpMyChat is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input. Exploiting these issues may allow an unauthorized user to view files and execute local scripts. phpMyChat Plus 1.9 and prior versions are vulnerable to these issues; other versions may also be affected.
IDevSpot BizDirectory is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may allow an attacker to steal cookie-based authentication credentials and launch other attacks.
This module exploits a stack buffer overflow in AT-TFTP v1.9, by sending a request (get/write) for an overly long file name.