The PhpMyLogon application is vulnerable to SQL injection. By manipulating the username field during the login process, an attacker can bypass authentication and gain unauthorized access to the application. The vulnerable code retrieves user information from the database using a SQL query that is constructed with user-supplied input without proper sanitization or parameterization, allowing an attacker to inject malicious SQL statements. This vulnerability can be exploited by entering a specially crafted username, such as 'blake' or '1'='1' #', which will cause the query to return all records from the database, effectively bypassing the authentication check. This allows the attacker to log in as any user without knowing their password.
The exploit allows an attacker to cause a Denial of Service (DoS) by sending a specially crafted request to the Kerio MailServer 6.2.2. The vulnerability is fixed in Kerio MailServer 6.3.1.
The vulnerability exists in the forgotpassword.php file of MicroWorld eScan Antivirus < 3.x on Linux. The script does not properly validate user input in the 'uname' parameter, allowing an attacker to inject malicious commands and execute them with root privileges. By sending a specially crafted POST request to the forgotpassword.php script, an attacker can execute arbitrary commands on the target system.
This exploit targets the com_invoke(), com_propput(), com_propset(), and iconv_mime_encode() functions in PHP versions 4.4.6 and 5.0.3. It causes a local denial of service by repeatedly calling these functions with a large buffer size, resulting in resource exhaustion.
Remote rpc exploit breaking non exec memory protection schemes. Tested against OverflowGuard and StackDefender (kernel32 imagebase randomization). Currently breaking Windows 2000 SP0 (english) and Windows XP SP0 (english).
This vulnerability allows an attacker to add a new link through Cross-Site Request Forgery (CSRF) on the Admin module of AneCMS. By exploiting this vulnerability, an attacker can submit a form with hidden fields containing malicious data, which will be executed when the form is submitted by an authenticated user.
The vulnerability allows an attacker to add an admin user through a Cross Site Request Forgery attack. The attacker can submit a form with hidden fields containing the necessary information to create a new admin user.
Local exploitation of a buffer overflow vulnerability in WinAce allows attackers to execute arbitrary code. When WinAce attempts to compress any file, it creates a temporary file that contains the location of the file to be compressed. The vulnerability occurs when parsing temporary files with long file entries. Opening a malicious tmp file will cause WinAce to crash and potentially allow for code execution.
The vulnerability allows an attacker to delete the Admin user through Cross Site Request Forgery (CSRF). The attacker can execute a script that sends a request to the targeted URL with the user ID, causing the user to be deleted.
This module exploits a stack overflow in the CWD verb in Easy~FTP Server. You must have valid credentials to trigger this vulnerability.
Services By CQR