This exploit allows an attacker to disclose the admin and user credentials in PHP-Fusion v6.00.109. By manipulating the 'msg_send' parameter in the 'messages.php' file, an attacker can execute a UNION SELECT query to retrieve the user_password from the fusion_users table where the user_name matches the admin_username. This vulnerability can be exploited if magic_quotes is turned off.
This exploit targets the hpodio08.dll file in HP Digital Imaging software. It allows an attacker to execute arbitrary code by creating a malicious object and saving a file on the victim's system. The exploit has been tested on Windows XP SP2.
Openplanning 1.00 is vulnerable to Remote File Inclusion (RFI) and Local File Inclusion (LFI). These vulnerabilities allow an attacker to include arbitrary files from a remote or local file system, potentially leading to remote code execution.
To reset the password, just use this: http://127.0.0.1/[path]/admin/change_pass.php so the password will be null; login with single user can admin: http://127.0.0.1/[path]/admin/. Insecure Cookie Handling exploit: javascript:document.cookie="logged=admin;path=/"; then http://127.0.0.1/[path]/admin/
EDraw Flowchart ActiveX Control version 2.3 suffers from a buffer overflow vulnerability when parsing the .edd file format, resulting in an application crash and a few overwritten memory registers, which can help an attacker execute arbitrary code.
This exploit targets the EDraw Flowchart ActiveX Control 2.3 (EDImage.ocx) and causes a remote Denial of Service (DoS). By providing a large string as an argument to the 'OpenDocument' function, the control crashes, resulting in a DoS condition. This exploit specifically targets Internet Explorer.
This exploit shows the possibility to run arbitrary code on FreeBSD machines.
Cacti is prone to a remote command execution vulnerability because the software fails to adequately sanitize user-supplied input. Successful attacks can compromise the affected software and possibly the operating system running Cacti. The vulnerability can be triggered by any user performing specific actions.
The exploit occurs when sending an overly long PWD response. By sending a specially crafted response, an attacker can trigger a buffer overflow and potentially execute arbitrary code.
Stack buffer overflow vulnerability in ZipGenius v6.3.1.2552 allows remote attackers to execute arbitrary code via a long filename in a ZIP archive.