This vulnerability allows remote attackers to cause a denial of service (crash) in Microsoft Internet Explorer. The vulnerability is caused due to an error in the handling of the "window.onerror" event handler. By calling a function that does not exist, an attacker can cause a stack overflow and crash the browser. This vulnerability affects Internet Explorer 5.01, 5.5 and 6.0.
This exploit show the username of the administrator of the blog and his password crypted in MD5.
Allegro's RomPager is reported prone to a remote denial of service vulnerability. If a specifically-malformed request is sent to Allegro's RomPager, it will crash, often crashing the parent device as well. In this manner, network hardware and possibly entire networks can be rendered unusable by any remote attacker using only a browser. The following example is made available by Seth Alan Woolley: $ ip_address="some.ip.add.ress" $ ping $ip_address # works the one-liner: $ perl -e 'print "GET / HTTP/1.1rnHost: '"$ip_address"'rnAuthenticate: " . 'A' x 1024 . "rnrn"' | nc "$ip_address" 80 $ ping $ip_address # doesn't work
An attacker can exploit a SQL injection vulnerability in MDaemon WebAdmin 2.0.X by sending a crafted request to the /WebAdmin.dll?Session parameter. This can allow the attacker to access the underlying database and potentially execute arbitrary code.
Zeroboard is vulnerable to a preg_replace vulnerability which allows an attacker to execute arbitrary code on the vulnerable server. This exploit allows an attacker to upload a backdoor PHP script to the vulnerable server and gain remote access.
This exploit is a proof-of-concept code for a vulnerability in the Windows COM Structured Storage, which allows an attacker to execute arbitrary code with SYSTEM privileges. It works on Win2k sp4, WinXP sp2, Win2k3 sp0. It requires the user to close all running programs to avoid possible problems. If it finds the section and it doesn't work, the user can remove section permissions from msiexec service process with WinObj or crash the msiexec service and try again. If offsets don't work, the user can debug and change them.
This exploit allows an attacker to bypass the authentication of the PHP Stat administrative user. The attacker can send a crafted HTTP request to the vulnerable server with the username and password set to 'admin' and 'abc123' respectively. This will allow the attacker to gain access to the administrative user account.
This exploit allows an attacker to gain access to a user's account by injecting malicious SQL code into the login page of a website.
This tutorial explains how to bypass authentication in Invision Power Board (IPB) version 2. It involves exploiting a vulnerability in the IPB authentication system which allows an attacker to bypass authentication and gain access to the application. The exploit requires the attacker to have access to the Mozilla Firefox cookie file, which can be found in the user's profile directory. The attacker then adds two entries to the cookie file, one for the member_id and one for the pass_hash. The values for these entries are taken from the output of the exploit. Once the entries are added, the attacker can then login to the application using the modified cookie file.
A denial of service vulnerability exists in FTPDMIN v. 0.96. By sending a specially crafted LIST command with an overly long string, a remote attacker can cause the application to crash.
Services By CQR