PHPDev5 creates 4 default users with blank passwords, allowing attackers to have full control over databases and execute malicious SQL queries or download PHP shells.
This script tests for a remote file inclusion vulnerability in SocialMPN. It takes two command line arguments: the target website and the exploit file. It sends a request to the target website with the specified exploit file included in the URL. If the response contains 'HTTP/1.0 200 OK', it indicates that the site may be vulnerable.
This exploit allows an attacker to bypass authentication in phpBB 2.0.12 without registering on the victim's forum. By manipulating the cookie data, the attacker can gain high-level permissions and access the Administration Panel.
The Phpenpals script version <= 1.1 is vulnerable to SQL Injection. By exploiting this vulnerability, an attacker can gain unauthorized access to the admin password and potentially retrieve sensitive information such as the contents of the /etc/passwd file.
The SA25276 patch uses strncpy to fix a buffer overflow vulnerability in src/mod/server.mod/servmsg.c (gotmsg). The last argument is not checked for being non-negative, but that can happen if ctcpbuf is ''. That causes a remote crash vulnerability to be exploited by anyone connected to the same IRC network as eggdrop.
The Template Monster Clone website is vulnerable to a change password vulnerability. Attackers can manipulate the form fields to change the password of any user on the website.
This exploit targets OpenBSD versions 2.0 to 3.6 and causes a remote Denial of Service (DoS) by sending a specially crafted packet. It takes advantage of a vulnerability in the OpenBSD errata. The exploit was coded by __blf in 2005 for the RusH Security Team. The public version of this exploit allows for the modification of the TimeStamp to cause a system crash. The exploit has been tested on OpenBSD 3.5 and 3.6. The vulnerability details can be found in the OpenBSD errata page (http://www.openbsd.org/errata.html).
The adminaddeditdetails.php script in the 2daybiz Business Community Script is vulnerable to a remote blind SQL injection attack. An attacker can exploit this vulnerability to gain unauthorized access to the application's database.
The exploit creates a .CSS file that should be included in an HTML file. When a user loads the HTML file, Internet Explorer will try to parse the CSS and trigger the buffer overflow.
This exploit is for a blind SQL injection vulnerability in the Family Connections CMS version 1.9 and below. The vulnerability allows an attacker to inject SQL queries through the 'member' GET variable. The exploit takes advantage of the vulnerability to extract sensitive information from the database.
Services By CQR