A Blind SQL Injection vulnerability exists in CF_AUCTION, which allows an attacker to execute arbitrary SQL commands on the underlying database. This can be exploited to gain access to sensitive data, modify data, or even execute system commands on the server.
This exploit is used to gain access to the username and password of the CF_Calendar application. It uses an HTTP GET request to send a malicious payload to the application, which then returns the username and password of the application. The payload is sent to the application in the form of a URL that contains the malicious code.
CF SHOPKART V5.2.2 is vulnerable to Blind SQL Injection and Database Disclosure. An attacker can exploit this vulnerability by sending a crafted HTTP request to the vulnerable application. This will allow the attacker to gain access to the underlying database and disclose sensitive information.
The bugged file is /[path]/view.php. The query accepts GET input directly, so we can inject SQL code. To avoid this vulnerability, just escape GET input.
When a user sends a message in a public room or in a PM to another user, there is a parameter to set an avatar (e.g. 'image.gif'); this can be exploited to run a CSRF when the user gets the message. The vulnerable code is in '/profiles/index.php', where the parameter 'gud' is not sanitized.
Living Local V1.1 is prone to a remote file-upload vulnerability because it fails to adequately sanitize user-supplied input. An attacker can exploit this issue to upload arbitrary code and execute it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.
A remote SQL injection vulnerability exists in Webmaster Marketplace (member.php u). An attacker can send a maliciously crafted HTTP request to the vulnerable application to execute arbitrary SQL commands in the back-end database, which can lead to the disclosure of sensitive information.
net/atm/svc.c in the ATM subsystem in the Linux kernel 2.6.27.8 and earlier allows local users to cause a denial of service (kernel infinite loop) by making two calls to svc_listen for the same socket, and then reading a /proc/net/atm/*vc file, related to corruption of the vcc table.
site.com/cgi-bin/htmpl_admin.cgi?help=|cat /etc/passwd A few other little..... tricks: The admin's password is kept in plaintext in the file 'adminpass'; you can just access it directly in the same directory.
This module exploits a vulnerability in Internet Explorer 7.0.5730.13. The vulnerability is triggered when a user visits a malicious web page containing specially crafted HTML code. This code will cause a stack-based buffer overflow, allowing arbitrary code execution.