The AJ Auction script is vulnerable to an authentication bypass vulnerability. This allows an attacker to access administrative pages without proper authentication.
The PHPStore Complete Customizable Classifieds application allows remote file upload, which can be exploited to upload malicious PHP files and gain unauthorized access to the server. An attacker can register on the site, add a malicious PHP code to the shell, and upload it as a logo. The uploaded shell can then be accessed at the path localhost/script/yellow_images/[ID]_logo_your_shell.php.
This module sniffs RTIP login requests from the network
This exploit targets a buffer overflow vulnerability in the VLC Media Player version 0.9.6 and earlier. By exploiting this vulnerability, an attacker can execute arbitrary code on a target system. The exploit requires a 'jmp esp' address in one of the DLLs loaded with VLC. This specific exploit is designed to work on a fully up-to-date Windows XP SP3 system. The author does not take responsibility for any damage caused by using this exploit.
This exploit allows an attacker to perform a brute force attack and execute commands on a Webmin server. It takes a target host and a command as input. It tries different passwords until it finds a valid session ID (SID). Once the SID is found, it connects to the host again and sends a buffer containing the command to be executed.
The e107 remote exploit allows an attacker to send an include() vulnerability to a host victim, resulting in the upload of a malicious file to /images/evil.php. This can lead to remote code execution on the victim's system.
The Recly!Competitions Component version 1.0.0 is vulnerable to multiple remote file inclusion. The vulnerability exists in the add.php, competitions.php, and settings.php files. An attacker can exploit this vulnerability by injecting malicious code in the mosConfig_absolute_path parameter in the URLs of these files.
The phpMyChat application is vulnerable to a remote code execution vulnerability. This exploit allows an attacker to dump the MySQL database credentials and gain administrative access to the application.
Santy.A is a web worm that targets phpBB version 2.0.10 and earlier. It spreads by exploiting a vulnerability in the software and uses Google to search for vulnerable phpBB installations. Once found, the worm attempts to infect the vulnerable site by injecting malicious code. The worm was first discovered in 2004 and is considered a proof of concept.
This exploit allows an attacker to execute arbitrary code on a target system running Simple Machines Forum version 1.1.6 or below. The vulnerability exists in the Sources/QueryString.php and Sources/Themes.php files when magic_quotes is turned off.
Services By CQR