The r57nuke-cid.pl script is a PHP-NUKE 'cid' SQL injection exploit. It takes advantage of a vulnerability in the Download module of PHP-NUKE, which allows for SQL injection. This exploit works only on MySQL version > 4.0 and has been tested on PHP-NUKE versions 6.9, 6.0, and 6.5. The exploit script takes three arguments: the host for the attack, the PHP-NUKE folder, and the user aid or nickname. Upon successful exploitation, it retrieves the user's username and MD5 hash.
The DMXReady Online Notebook Manager application is vulnerable to SQL Injection. This vulnerability allows an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access to or manipulation of the application's database.
This vulnerability affects MailEnable Enterprise 1.1 without the ME-10009.EXE patch. The SEH record is overwritten at 965 bytes (968 in VMware) in the EXAMINE command. The bytes 0x00, 0x0a, 0x0d, 0x20 and 0x22 are filtered. There is no space for shellcode, so a first-stage shellcode is used to jump back 512 bytes into the bindshell (second-stage) shellcode.
An unauthenticated attacker could send multiple log reset requests to eventlog.cgi, causing a denial of service, which would send the cable modem into a reboot loop.
The vulnerability allows an attacker to upload arbitrary files to the Holiday Travel Portal website. This can lead to remote code execution or other malicious activities.
The Hotel / Resort Site Script with OnLine Reservation System is vulnerable to SQL Injection. An attacker can exploit this vulnerability by injecting malicious SQL queries through the 'cat_id' parameter in the 'extrapage.php' file. This can lead to unauthorized access, data theft, and potential manipulation of the database.
This exploit takes advantage of a buffer overflow vulnerability in VUPlayer version 2.49 and earlier. The exploit allows an attacker to execute arbitrary code with the permissions of the user running the vulnerable software. The exploit includes a shellcode payload that opens the Windows calculator application (calc.exe).
The exploit allows remote upload of files through a greeting card website. Once an attacker has registered on the website and uploaded shells, the uploaded files can be accessed at http://[site]//cards/id_thumb_evil.php. An example demo URL is http://server/cards/1275663706_thumb_oujda.php.
The Joomla component com_searchlog is vulnerable to SQL Injection. The vulnerability is located in the 'log.php' file at line 30. An attacker can exploit this vulnerability by manipulating the 'search' parameter in a POST request. By injecting malicious SQL code, an attacker can manipulate the database and potentially gain unauthorized access or retrieve sensitive information.
The Joomla component com_djartgallery has multiple vulnerabilities including Cross Site Scripting (XSS) and Blind SQL Injection. The XSS vulnerability can be exploited by injecting code into the 'id' parameter in the editimage function. The Blind SQL Injection vulnerability can be exploited by injecting code into the 'cid' parameter in the editItem function. Both vulnerabilities allow an attacker to execute arbitrary code or extract information from the database.