
Explore Vulnerabilities

Explore all Exploits:

Picture Rating 1.0 Blind SQL Injection Exploit

This exploit allows an attacker to perform a blind SQL injection attack on the target host running the Picture Rating 1.0 script. After running the exploit, the attacker will gain access to the admin details, allowing them to log in to the admin area. From there, they can edit settings to allow PHP extensions and upload a shell. By navigating to the uploaded shell's link, the attacker gains control.

Xitami Web Server v2.5c2 LRWP processing format string bug

This is a proof of concept exploit for the Xitami Web Server v2.5c2 LRWP processing format string bug. The exploit allows an attacker to crash the program or execute arbitrary code by sending a specially crafted format string request to the server. The vulnerability is caused by a lack of proper input validation and can be exploited by an attacker with remote access to the server.

DSECRG-08-021

PowerPHPBoard has multiple local file include vulnerabilities. The vulnerabilities exist in the script footer.inc.php. To exploit these vulnerabilities, the REGISTER_GLOBALS option must be ON in the PHP config file. The vulnerabilities allow an attacker to include arbitrary files from the server.

CA BrightStor ARCserve Backup r11.5 AddColumn() 0day ActiveX Remote Buffer Overflow Exploit

This exploit targets CA BrightStor ARCserve Backup r11.5 by exploiting a buffer overflow vulnerability in the AddColumn() function of the ListCtrl.ocx ActiveX control. By sending a specially crafted request, an attacker can trigger a remote buffer overflow and execute arbitrary code on the target system.

Crysis Engine Format String Vulnerability

The Crysis engine passes along internal debug strings through the game, and one of them is passed to the vsprintf() function in the crt lib. This vulnerability can be exploited by sending a specially crafted format string as input, which can lead to remote code execution or denial of service.

ca1-icq.asm – ICQ Password Bypass exploit

This exploit allows you to log in to the ICQ server using any account registered locally, whether or not the 'save password' option is checked. High-level security is also bypassed. All you have to do is run the exploit and set the status property using your mouse when the flower is yellow. If you accidentally set the status to offline, you will need to restart ICQ and run the exploit again.

Recent Exploits: