phpcms V9 is vulnerable to Blind SQL Injection. An attacker can exploit this vulnerability to gain access to the database and execute arbitrary SQL commands. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'catid' parameter of the 'index.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request with a malicious 'catid' parameter. This will allow the attacker to execute arbitrary SQL commands on the underlying database. The vulnerability can be exploited by sending a specially crafted HTTP request with a malicious 'catid' parameter.
fxscover.exe is available on Windows after the installation of the Fax Service. The various 'Text' elements have a 16bit field that seems used to index them and by default it has a negative value like 0x8001. By using a positive value major than 0 and lower than the total number of elements is possible to cause a problem during the freeing of the allocated object. The provided proof-of-concept demonstrates the possibility of executing code immediately after the acknoledgement of the initial message box when is called FXSCOVER!CDrawDoc::Remove by FXSCOVER!CDrawDoc::DeleteContents.
Look 'n' Stop Firewall 2.07 provides key features to protect your computer against cyber threats. It prevents malicious programs from transmitting the data of your computer to hacker's computers. Look 'n' Stop Firewall 2.07 also protects your computer from external intrusions. lnsfw1.sys driver generate a BSOD with particular value of IOCTL. Kernel wait an action with a kernel debugger.
The vulnerability exists in the viewfaqs.php file, which allows an attacker to inject malicious SQL queries into the application. The attacker can use the substring() function to check the version of the database and extract information from the database.
A Remote SQL Injection vulnerability exists in Phpcms 2008 V2, which allows an attacker to inject malicious SQL queries via the 'modelid' parameter in the 'flash_upload.php' script. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is confirmed in version 2.0. Successful exploitation of this vulnerability requires that magic_quotes_gpc is disabled.
The vulnerability exists in the viewfaqs.php script, which allows an attacker to inject malicious SQL queries into the application. The attacker can use the substring() function to check the version of the database and determine if the query is true or false.
I have discovered some vulnerabilities in Simploo CMS, which can be exploited by malicious people to compromise a vulnerable system. Input passed via the "FTP-Server" field when editing FTP options is not properly sanitised in lib/Simploo/Config/Writer/Ini.php before being saved to the config/custom/base.ini.php file. This can be exploited to inject and execute arbitrary PHP code via a specially crafted parameter value. Successful exploitation requires "write" privileges.
This exploit allows an attacker to create a malicious web page that, when visited by an authenticated user, will create a new admin account with the username 'admin' and the password 'admin'. The malicious web page contains two forms, one that creates the new admin account and another that sends a GET request to the main.php file. The exploit is possible due to the lack of CSRF protection in the N-13 News 3.4 application.
This exploit is a Denial of Service (DoS) vulnerability in Google Chrome v8.0.552.237. It is triggered by a maliciously crafted URL that causes an address overflow in the browser. This causes the browser to crash, resulting in a DoS condition.
A parameter is not properly sanitised before being used in SQL queries, allowing attackers to manipulate SQL queries by injecting arbitrary SQL code.