This exploit allows an attacker to perform a remote SQL injection attack in the Joomla Component jabode. The vulnerability can be exploited by sending a specially crafted request to the target Joomla website, which can lead to unauthorized access or disclosure of sensitive information.
The A+ PHP Scripts - News Management System suffers from insecure cookie handling. When an admin login is successful, the script creates a cookie to show that the user is already logged in. However, the cookie does not contain any password or similar authentication. This allows an attacker to craft an admin cookie and make it look like they are logged in as a legitimate admin.
An attacker might be able to upload arbitrary files containing malicious PHP code due to multiple file extensions not being properly checked.
This vulnerability allows an attacker to include local files from the target system by manipulating the 'action' parameter in the index.php file. By using directory traversal techniques, an attacker can access sensitive files on the target system.
This exploit sends a HELO request packet containing 30K of data to the BaSoMail Server POP3 and SMTP v1.24. If used at least 3 times, it causes a Denial of Service (DoS) on the SMTP and POP services. The vulnerability was discovered by Ziv Kamir and exploited by KaGra. It has been tested on Windows XP SP1 English.
The vulnerability allows an attacker to perform SQL injection in the Jokes & Funny Pics Script. The exploit can be executed by injecting a malicious payload in the 'sbjoke_id' parameter of the 'index.php' script. This allows the attacker to retrieve sensitive information from the database, such as the admin password and name.
This exploit allows an attacker to remotely crash the Quick 'n EasY VER 2.4 Ftp Server by sending a large buffer in the PASS command. This can be done without any user account. The vulnerability can be triggered when the server's log file is viewed. The exploit can also be used with other commands like APPE and CWD, but for those, at least a guest account is required. The exploit has been tested on Windows XP SP1 English version.
Input passed to the "listing_id" parameter in index.php is not properly verified before being used in an SQL query. This can be exploited through the browser to manipulate SQL queries and retrieve the usernames and passwords of realtors and users in plain text. Successful exploitation requires that "magic_quotes" is off.
Remote exploit for the APPE command, discovered and exploited by KaGra. Use it with netcat: exploit.py|nc (host) 21. It opens a bind shell on port 4444, one shot only!
This is a local proof-of-concept exploit for socat <= 1.4.0.2. It allows an attacker to execute arbitrary code by exploiting a format string vulnerability in the socat program. The vulnerability is caused by improper handling of user-supplied format string arguments, which can be exploited to overwrite memory and execute arbitrary code.