The software version 1.7.3 of pixelpost is vulnerable to stored XSS and CSRF attacks. The 'Image Title' and 'tags' parameters in the admin login page are vulnerable to stored XSS. An attacker can inject malicious code, such as <script>alert('sweet')</script>, to execute arbitrary JavaScript code. Additionally, the admin password change functionality is vulnerable to CSRF. An attacker can change the admin password by sending a crafted request to the 'options' endpoint.
This CMS has an authentication bypass vulnerability with SQL Injection in the login page. The user_name and password parameters received from the login form are passed to the do_login function, where they are then passed to the get_account_information function without any validation. These parameters are directly applied in an SQL query, allowing an attacker to bypass authentication and potentially gain unauthorized access.
This exploit is for Adobe Acrobat and Reader. It takes advantage of a memory corruption vulnerability in the software. The specific vulnerability is related to the "pushstring" function. This exploit allows an attacker to execute arbitrary code on a target system. The impact of this vulnerability is considered to be medium to high.
This version of ASP Nuke is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
The exploit takes advantage of a memory corruption vulnerability in Excel 2002 sp3. It uses a combination of pop pop ret and call esp instructions to execute shellcode.
Some Local File inclusion vulnerabilities exist in Component Joomla Jphone 1.0 Alpha 3.
The mod_visitorsgooglemap module of Visitors Google Map Lite 1.0.1 (FREE) is vulnerable to remote SQL injection. The vulnerability exists in the map_data.php file.
This exploit targets a vulnerability in Mozilla Firefox version 3.6.3. It allows an attacker to execute arbitrary code remotely.
This exploit takes advantage of a stack-based overflow vulnerability in Microsoft Office Visio 2002 (xp) when parsing DXF files. By specially crafting a DXF file, an attacker can overwrite the EIP register and control the execution flow of the program. This exploit includes a modified alphanumeric shellcode that executes the calc.exe program.
This exploit targets the ColdCalender v2.06 application, specifically the index.cfm file which is vulnerable to SQL Injection. The exploit assumes that the target has a MSSQL backend. It allows an attacker to execute arbitrary SQL queries and retrieve sensitive information from the database. The exploit also identifies the version of the database, the hostname, the database user, and the database name.
Services By CQR