Apache Scanning is a technique used to scan the ports of a remote host using an Apache web server. It is done by sending a GET request to the Apache server with the target host and port as parameters. The response from the server will indicate whether the port is open, closed, or filtered.
This module exploits a stack-based buffer overflow vulnerability in version 3.5, the latest version, of the TugZip archiving utility. To trigger the vulnerability, an attacker must convince someone to load a specially crafted zip file with TugZip by double-clicking it or using file open. By doing so, an attacker can execute arbitrary code as the victim user.
This module exploits a buffer overflow in ACDSee FotoSlate 4.0 Build 146 via a specially crafted id parameter in a String element. When viewing a malicious PLP file with the ACDSee FotoSlate product, a remote attacker could overflow a buffer and execute arbitrary code. This exploit has been tested on systems such as Windows XP SP3, Windows Vista, and Windows 7.
Use-after-free in the handling of project files containing some malformed fields, like the size of the embedded zip archive or some counters, that may allow code execution. No additional research was performed because it was only a quick test; the following are various examples of locations for the possible code execution: 00460ee6 8b01 mov eax,dword ptr [ecx], 005239ca 8b06 mov eax,dword ptr [esi], 0040d11b 8b16 mov edx,dword ptr [esi].
A SQL injection vulnerability exists in the signature.php file of MyBB Advanced Forum Signatures (afsignatures-2.0.4). An attacker can exploit this vulnerability by sending a specially crafted POST request with malicious SQL code to the signature.php file. This can allow the attacker to gain access to sensitive information stored in the database.
Local File Inclusion, Cross-Site Scripting (XSS) and Information Disclosure vulnerabilities were identified within POSH version 3.1.1. Proof of concept includes Information disclosure, XSS and Local File Inclusion.
Input passed via the parameters 'redirect.php' in 'message.php' and 'w' and 'd' in the 'index.php' script is not properly sanitised before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code, or to execute arbitrary HTML and script code in a user's browser session in the context of an affected site. Path disclosure resides in the 'sq' parameter in the '/plugins/search/search.php' script.
RoundCube 0.3.1 is vulnerable to SQL Union Injection. An attacker can exploit this vulnerability by sending a POST request to the index.php page with a malicious payload in the _timezone parameter. The application is also vulnerable to XRF attacks, which can be exploited by changing the _action parameter to anything. Successful tampering will lead to compromise of the username.
The Filmis - Version 0.2 Beta web application is vulnerable to both SQL Injection and XSS attacks. The vulnerable code is located in the cat.php file, where the $idcat variable is not properly sanitized before being used in an SQL query. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable web application, such as http://localhost/filmis/cat.php?nb=-1'. For XSS, the crafted request takes a form such as http://localhost/filmis/cat.php?nb=1><script>alert(document.cookie)</script>
KaiBB 2.0.1 is prone to XSS and SQL Injection vulnerabilities.
Cross-site Scripting:
http://<target>/kaibb/?'</script><script>alert(document.cookie)</script>
http://<target>/kaibb/index.php?'</script><script>alert(document.cookie)</script>
SQL Injection:
http://<target>/kaibb/rss.php?forum=' UNION ALL SELECT NULL, NULL, NULL, NULL, NULL, NULL, NULL AND 'a'='a
http://<target>/kaibb/rss.php?forum=' UNION ALL SELECT NULL, version(), NULL, NULL, NULL, NULL, NULL AND 'a'='a
http://<target>/kaibb/rss.php?forum=' UNION ALL SELECT NULL, user(), NULL, NULL, NULL, NULL, NULL AND 'a'='a