Explore all Exploits:

ABBS Electronic Flash Cards 2.1 (FCD File) Stack Buffer Overflow

This module exploits a buffer overflow vulnerability found in ABBS Electronic Flash Cards 2.1. The overflow occurs when an overly long string is passed in the fcd file. To execute this fcd file the victim has to start a new 'random' test.

Omnicom Alpha 4.0e LPD Server DoS

This exploit causes a denial of service on Omnicom Alpha 4.0e LPD Server by sending a large number of requests with a large payload. The payload is composed of a queue name followed by a large number of 'A' characters. The exploit requires knowledge of the name of a printer queue on the server.

SiteGenius Blind SQL injection vulnerability

A vulnerability exists in SiteGenius web application which allows an attacker to perform a blind SQL injection attack. Affected files are topic.php and article.php. The attacker can use the exploit URL http://localhost/sitegenius/topic.php?id=1 and 1=1 to check if the injection is successful.

CA Arcserve D2D GWT RPC Credential Information Disclosure

This module exploits an information disclosure vulnerability in the CA Arcserve D2D r15 web server. The information disclosure can be triggered by sending a specially crafted RPC request to the homepage servlet. This causes CA Arcserve to disclose, in cleartext, the username and password used for authentication. This username and password pair is a set of Windows credentials with Administrator access.

Zoneminder 1.24.3 Remote File Inclusion Vulnerability

A vulnerability in Zoneminder 1.24.3 allows an authenticated user to include remote files via a crafted URL. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'view' parameter of the 'index.php' script. An attacker can exploit this vulnerability to include arbitrary remote files and execute arbitrary code on the vulnerable system.

CMSPro! 2.08 CSRF Vulnerability

CMSPro! 2.08 contains a flaw that allows a remote Cross-site Request Forgery (CSRF) attack. The flaw exists because the application does not require multiple steps or explicit confirmation for sensitive transactions for the majority of administrator functions, such as delete and assigning administrative privileges to a user. By using a crafted URL, an attacker may trick the victim into visiting the attacker's web page to take advantage of the trust relationship between the authenticated victim and the application. Such an attack could trick the victim into executing arbitrary commands in the context of their session with the application, without further prompting or verification.

Joomla Component obSuggest Local File Inclusion Vulnerability

Joomla Component obSuggest is vulnerable to Local File Inclusion. An attacker can exploit this vulnerability to include local files on the server, which can lead to the disclosure of sensitive information. This vulnerability is due to insufficient sanitization of user-supplied input to the 'controller' parameter in the 'index.php' script. An attacker can exploit this vulnerability by sending a crafted HTTP request containing directory traversal characters to the vulnerable script. Successful exploitation of this vulnerability can result in the disclosure of sensitive information.

Digital Scribe 1.5 (register_form()) Multiple POST XSS Vulnerabilities

Digital Scribe suffers from multiple POST XSS vulnerabilities. Input through the POST parameters 'title', 'last' and 'email' in register.php is not sanitized, allowing the attacker to execute HTML code in a user's browser session on the affected site.

Link Station Pro Multiple Vulnerabilities

Link Station Pro is, without doubt, the most efficient, easiest and most configurable reciprocal link management tool available for all your reciprocal link requirements. Attackers can use an authentication bypass to get into the admin panel of the site. A reflected XSS vulnerability can be exploited in the admin panel (in most of the text fields).

Recent Exploits: