This is a proof of concept exploit for WebConnect versions 6.4.4 - 6.5. It allows an attacker to execute arbitrary code on the target system.
This exploit takes advantage of a SQL injection vulnerability in Geeklog versions 1.5.2 and below. The vulnerability exists in the SEC_authenticate()/PHP_AUTH_USER function. By exploiting this vulnerability, an attacker can execute arbitrary SQL queries in the application's database.
Chat Anywhere 2.72a discloses passwords to local users.
This exploit takes advantage of a buffer overflow vulnerability in XBMC 8.10. By sending a specially crafted HEAD request, an attacker can trigger a buffer overflow condition, potentially leading to remote code execution.
Heap overflow vulnerability in Unsniff Network Analyzer 1.0 allows remote attackers to execute arbitrary code via a crafted packet.
WWW File Share Pro 2.72 discloses passwords to local users.
This is a proof of concept exploit for the UltraISO software version 9.3.3.2685. It demonstrates an off-by-one vulnerability that can lead to a buffer overflow.
This exploit takes advantage of a local require() vulnerability in iDB, a PHP/MySQL BBS. The vulnerability allows an attacker to include arbitrary local files by manipulating the 'skin' variable before it is saved to the database. By setting the 'skin' variable to a malicious value, an attacker can include sensitive files, such as the passwd file, and retrieve their contents. The vulnerability is limited by the length of the 'skin' variable, which is restricted to 26 characters.
SendLink v1.5 discloses passwords to local users.
A SQL injection vulnerability in form2list (page.php) allows remote attackers to inject SQL commands via the id parameter.