Exploits 114 - exploit.company

E-Xooport 3.1 SQL Injection Exploit 01

This exploit targets the E-Xoops CMS version 3.1 and leverages a SQL injection vulnerability in the eCal module to extract user data from the database. The script also includes an option to brute force the table name if the exploit does not work initially. The exploit has been tested and verified.

5.5

CVSS

MEDIUM

SQL Injection

Affected Version

Apple Directory Services Memory Corruption

chfn, chpass and chsh dos not properly parse authname switch ("-u"), which causes the applications to crash when parsing a long string. Those binaries are setuid root by default.

Affected Version

Apple Mac OS X 10.5.8 32bits, Apple Mac OS X 10.6.2 64bits

FileCOPA FTP Server 6.01 directory traversal

The FileCOPA FTP Server 6.01 is vulnerable to directory traversal, allowing an attacker to access files outside of the server's root directory.

Windows XP SP3 Professional

Affected Version

ProFTPD IAC Remote Root Exploit

This exploit allows remote attackers to execute arbitrary code on ProFTPD servers. It takes advantage of a vulnerability in the IAC (Input Abstraction Class) feature of ProFTPD.

7.5

CVSS

HIGH

Remote Code Execution

FreeBSD, Debian GNU/Linux, SUSE Linux, CentOS

Affected Version

Joomla Component com_dcnews LFI Vulnerability

The Joomla component com_dcnews is vulnerable to Local File Inclusion. An attacker can exploit this vulnerability to include local files on the server.

Joomla Component com_dcnews

Affected Version

Woltlab Burning Board 2.x Remote SQL Injection

This exploit allows an attacker to execute a remote SQL injection attack on Woltlab Burning Board 2.x. By providing specific parameters, the attacker can retrieve sensitive information such as usernames, email addresses, and MD5 hashes of passwords.

Affected Version

Woltlab Burning Board 2.x

Joomla Component com_connect LFI Vulnerability

The Joomla Component com_connect is vulnerable to Local File Inclusion (LFI) attack. An attacker can exploit this vulnerability to include local files and potentially disclose sensitive information.

Affected Version

Filefuzzer Denial of service vulnerability

The Filefuzzer software is vulnerable to a denial of service attack. By setting up the application to fuzz the 'bkf' file type and executing the application with a modified argument, an attacker can cause the application to crash.

Windows XP SP3 (English) on VMware

Affected Version

WinTFTP Server Pro v3.1 Remote Directory Traversal Vulnerability

WinTFTP Pro Server is vulnerable to a path traversal vulnerability, which allows an unprivileged attacker to read and write files that they do not have permissions for. The vulnerability can be exploited using the FTP commands GET and PUT.

Affected Version

High-Tech Bridge SA - Ethical Hacking & Penetration Testing

vendor:

basic-cms.org

SweetRice CMS Vulnerabilities

The logic error vulnerability allows an attacker to change the admin password by exploiting the '/as/index.php' script. The XSS vulnerability allows an attacker to execute malicious scripts by injecting them into the 'username' variable from a cookie. The SQL injection vulnerability allows an attacker to manipulate the SQL queries in the '/as/index.php' script.

3.3

CVSS

LOW

Logic error, XSS (Cross Site Scripting), SQL Injection

Affected Version