Shape Web Solutions CMS is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Bedder CMS is vulnerable to Blind SQL Injection. An attacker can inject malicious SQL queries into the vulnerable parameter of the application. This can be exploited to gain access to the database and extract sensitive information such as usernames and passwords. The vulnerable parameter can be identified by sending a request with a true and false condition. If the application responds differently to the two requests, then the parameter is vulnerable to SQL injection.
This vulnerability allows an attacker to gain access to sensitive information from the database of a website that is powered by Blue Hat. The attacker can exploit this vulnerability by entering malicious SQL queries into the vulnerable parameters of the website. The malicious queries can be used to extract sensitive information from the database such as usernames, passwords, and other confidential data.
MS Word Record Parsing Buffer Overflow (MS-09-027). Vulnerable application: MS Office 2003. Tested on XP SP2 - MS Office 2003 v. 11.5604.5606. Bug found by Wushi of team509. Greets: Villy, Abhishek Lyall and ASL IT SECURITY TEAM. Original author: Abhishek Sahni - abhi00703[at]gmail[dot]com, info[at]aslitsecurity[dot]com. Web - http://www.aslitsecurity.com/ Blog - http://www.aslitsecurity.blogspot.com/ Metasploit module by aking1012, tested on xpsp3 with office 2k3. Note: requires non-standard ulimit parameters, at least on my box; requires a larger than default stack, at least on my laptop, due to how ruby handles the LARGE compressed section...moving on... ulimit -s 100000 is required to run this exploit appropriately. This was for a tutorial on www.securitytube.net and in reference to several questions on their q and a site. There are some things I could do better in here, but it was for a tutorial.
A vulnerability exists in softxmlcms which allows an attacker to upload a malicious file to the server. The attacker can access the file by navigating to the /images/ directory. The vulnerable page is XMLEditor2.0/uploadfile1.asp, where the attacker can select a malicious file and upload it to the server.
This module exploits a vulnerability in Adobe Flash Player that was discovered after being actively exploited in the wild. When a specially crafted .swf file is embedded, Adobe Flash crashes due to an invalid use of an object type, which allows attackers to overwrite a pointer in memory and results in arbitrary code execution.
A vulnerability exists in the 'Stylesheet' link of SQL-Ledger that lets you view the contents of the stylesheet you have associated with your login. An 'Edit' link is at the bottom. If you edit the 'file' post parameter you can enter any relative or absolute file (/etc/passwd, sql-ledger.conf) that the web server has permission to read. If you have read and write access, you can save your modifications to the file with the 'Save' button. For example, everything including the sql-ledger.conf file is just a perl script, making dropping a perl shell trivial.
A cross-site scripting vulnerability in the TextAds 2.08 script allows an attacker to inject malicious scripts into the Title field of the NewAds page. This can be used to steal the administrator's cookie and gain access to the site.
A vulnerability has been discovered in the Collaborative Passwords Manager (cPassMan) web application that can be exploited to retrieve files from the local host file system. The input passed to the component 'sources/downloadfile.php' via the 'path' variable allows the retrieval of any file on the local file system that the web server has access to. There are no data validation or authorisation mechanisms present within this component.
SimplyPlay V.66 is vulnerable to a buffer overflow when a specially crafted .PLS file is opened. This can be exploited to execute arbitrary code by tricking a user into opening a malicious .PLS file.