Unclassified NewsBoard 1.5.3 patch level 3 is vulnerable to a blind SQL injection vulnerability in the 'Datefrom' parameter. This allows an attacker to dump the admin MD5 password hash.
This exploit retrieves the config.inc.php file which contains the db user/pass. To get another file, the user needs to have the good cookie. A phpscript can be used to get the good cookie.
Veritas Storage Foundation 4.0 is vulnerable to a buffer overflow vulnerability due to improper bounds checking of the VCSI18N_LANG environment variable. An attacker can exploit this vulnerability to execute arbitrary code with the privileges of the vulnerable application.
XOOPS WF_Downloads Module v 2.05 is vulnerable to SQL injection, which allows an attacker to disclose admin credentials and execute remote commands. The vulnerability is due to insufficient sanitization of user-supplied input in the 'xoopsConfig[language]' parameter of the 'editor_registry.php' script. An attacker can exploit this vulnerability by sending a malicious HTTP request containing a specially crafted 'xoopsConfig[language]' parameter to the vulnerable script. This will allow the attacker to disclose admin credentials and execute remote commands.
This vulnerability allows an attacker to inject arbitrary SQL code into the ibProArcade and vBulletin forums. By exploiting this vulnerability, an attacker can gain access to the database and extract sensitive information such as usernames and passwords.
This exploit allows an attacker to execute arbitrary commands on a vulnerable CuteNews 1.4.1 (and possibly prior versions) installation. The attacker must have access to the Apache web server and must fill in the requested fields in order to execute the exploit.
HTTP Header Injection is a vulnerability that occurs when user input is not properly sanitized and is then used as part of an HTTP request header. This can allow an attacker to inject arbitrary HTTP headers, which can be used to launch further attacks such as Cross-Site Scripting (XSS) or Cross-Site Request Forgery (CSRF). This vulnerability affects Win32 platforms and can be exploited by sending a specially crafted HTTP request to the vulnerable server.
This code snippet is a demonstration of how to handle errors in Windows Winsock. It includes a switch statement that contains a list of errors and their corresponding messages. If an error occurs, the code will print the corresponding error message. This code could be used to create a buffer overflow vulnerability if the error messages are not properly sanitized.
This code snippet is a proof of concept for a buffer overflow vulnerability in the WSASocket() function. It is used to test the error codes returned by the function when an invalid argument is passed.
This exploit allows an attacker to gain access to the website's database when the magic_quotes_gpc is OFF. The exploit is done by sending a malicious URL to the website which contains a UNION SELECT statement that retrieves the user's credentials from the members table.
Services By CQR