The vulnerability in Campsite CMS allows an attacker to inject malicious scripts into the website. The attacker can achieve this by logging in as an admin and going to the administration section, specifically the articles editing option. In the heading or content section, the attacker can insert the following script: <marquee><h1>XSS3d By D4rk357</h1><marquee>. Alternatively, a user can submit a persistent XSS payload with the same method while submitting an article on the website.
The 2daybiz Businesscard Script suffers from an authentication bypass vulnerability. By using the string "a or 1=1" in the username and password fields, an attacker can bypass the login process.
Corel WordPerfect Office X5 is prone to a remote buffer overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input in .WPD (WordPerfect Document) files. Attackers may exploit this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.
This VBS script exploits a vulnerability to create a bind shell on port 4444. The script contains shellcode that is executed when the script is run. The shellcode sets up a listener on port 4444 and allows remote attackers to connect and execute commands on the target system.
A vulnerability in the Firestats plugin for WordPress allows an attacker to download the configuration file, which contains sensitive information such as the database username and password.
The b2evolution 3.3.3 application is vulnerable to Cross-Site Request Forgery (CSRF) attacks. An attacker can create a malicious HTML page that will make a request to the targeted b2evolution admin panel, tricking the authenticated user into performing unintended actions on their behalf.
This exploit is capable of bypassing DEP by using ROP to invoke SetProcessDEPPolicy().
i-Gallery is a complete online photo gallery. Easy to navigate thumbnails with paging. Enlarged views offer print & email buttons. Secured backend features: create/delete folders, upload/delete images, add descriptions, move images, and much more.
This exploit is a local exploit for GSM SIM Utility. It allows for a direct return-oriented programming attack. The code provided in the script is for educational purposes only and should not be used for illegal activities.
Some parameters are not sanitised before being used in SQL queries and in dangerous PHP functions. The vulnerabilities are reported in version 2.0.3. Other versions may also be affected. The vulnerabilities include Authentication Bypass, Arbitrary File Upload, Local File Inclusion, and SQL Injection.