This exploit causes a denial of service in LiteServe 2.81 by sending a large number of characters in the PASV command. In certain conditions, registers were overwritten. There are a number of other FTP commands that exhibit the same behavior.
Simple Machines Forum (SMF) 2.0 is vulnerable to session hijacking. SMF stops CSRF attacks by sending a session token in all requests that make changes to the forum. Usually the token goes in the POST content, but when navigating the moderation zone it is present in the URL. An attacker can use BBCode to insert an <img> tag, forcing the browser to make a request and leak the token in the Referer header. There are two ways for an attacker to place an image: writing in the moderators' chat (?action=moderate) or making a post and reporting it to the moderator. Removing lines 104 and 105 from Subs-Menu.php seems to solve the problem.
This exploit allows an attacker to execute arbitrary PJL commands on HP printers. The exploit is triggered by sending a specially crafted PJL command to the printer's port 9100. This can be used to gain access to the printer's file system and execute arbitrary commands.
HP JetDirect PJL Interface Universal Path Traversal is a vulnerability that allows an attacker to traverse the directory structure of a vulnerable HP printer and access sensitive files, such as configuration files, log files, and other sensitive information. The vulnerability is caused by the lack of proper input validation in the PJL interface of the printer, which an attacker can reach by sending specially crafted PJL commands.
This exploit uses a combination of LoadLibraryA, GetProcAddress, and VirtualProtect to bypass Data Execution Prevention (DEP) on Free CD to MP3 Converter 3.1. The exploit loads the kernel32.dll library, gets the address of the VirtualProtect function, and then calls VirtualProtect with the address of the shellcode, the size of the shellcode, and the desired protection.
sabadkharid CMS is vulnerable to SQL injection and LFI. An attacker can exploit these vulnerabilities to gain access to the database and execute arbitrary code on the server.
Input passed via the 'myown_patch_id' parameter in '/updater/patch_edit.php' and the 'id' parameter in '/user/user_create_edit.php' is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
UPM Polls version 1.0.3 is vulnerable to SQL injection. An attacker can exploit this vulnerability to gain access to the database and execute arbitrary SQL commands. The vulnerable code is located in the poll_logs.php file, where user-supplied input is not properly sanitized before being used in a SQL query. This can be exploited to inject arbitrary SQL code via the 'qid' parameter in a GET request.
The vulnerability is caused by the ThreeDify.ThreeDifyDesigner.1 (ActiveSolid.dll) ActiveX control including the insecure "cmdOpen()" and "cmdSave()" methods. The following PoC code is available: <html><object classid='clsid:32B165C1-AD31-11D5-8889-0010A4C62D06' id='target' /></object><input language=VBScript onclick=Boom() type=button value="Exploit"><script language = 'vbscript'>Sub Boom(){arg1="A"*1000;target.cmdOpen arg1;}</script></html>
CiscoKits TFTP Server is vulnerable to a directory traversal attack. An attacker can exploit this vulnerability to read any file from the server. The vulnerability exists due to insufficient sanitization of user-supplied input in the TFTP Read Request packet: a specially crafted packet containing directory traversal characters can be used to read any file from the server.