
Explore Vulnerabilities


Explore all Exploits:

StormBoard Version 1.0.1 (thread.php id=) SQL Injection Vulnerability

An attacker can exploit this vulnerability by sending a crafted SQL query to the vulnerable application, appending the malicious query to the vulnerable parameter in the URL. This can allow the attacker to gain access to the database and extract sensitive information.

phpLD 3.3 Blind SQL Injection

A Blind SQL Injection vulnerability exists in phpLD 3.3 when magic_quotes_gpc is set to Off and register_globals is set to On. An attacker can exploit this vulnerability by sending a specially crafted request to the page.php file with the 'name' parameter. The attacker can then use a series of True and False requests to extract data from the database. For example, an attacker can use the following request to extract the first character of the password from the PLD_USER table: (validpagename)' or ORD(MID((SELECT PASSWORD FROM PLD_USER WHERE ID = 1),1,1))>1#

PHPmotion <= 2.1 CSRF vulnerability

Social engineer a PHPMotion member to come to a web page containing a hidden iframe, which pulls in an evil script from pwned.html. This will change the victim's password and email, using their credentials. JavaScript is used to submit the form on page load.

Exploit for Roundcube Webmail =< 0.2-beta

This exploit is for Roundcube Webmail version 0.2-beta and below. The html2text.php file is vulnerable to a preg_replace() / eval bug. The exploit allows an attacker to execute arbitrary PHP code on the vulnerable system.

REDPEACH CMS – SQL Injection Vulnerability

The files 'index.php' and 'page.php' contain vulnerable SQL queries at the GET parameter 'zv'. In most cases, a table prefix is needed, which is similar to the website's name, followed by '_user'. The important column names are 'username' and 'password'. The number of columns is 8 almost every time.

Recent Exploits: