A SQL injection vulnerability exists in WordPress Media Holder (id) which allows an attacker to execute arbitrary SQL commands on the underlying database. This is due to the application failing to properly sanitize user-supplied input before using it in an SQL query. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request containing SQL commands to the vulnerable application. Successful exploitation could result in the execution of arbitrary SQL commands on the underlying database, allowing an attacker to access or modify sensitive data.
MS08-067 is a buffer overflow vulnerability in the Server service of Microsoft Windows. It was discovered by Tavis Ormandy and was reported to Microsoft on October 23, 2008. The vulnerability is caused due to a boundary error when processing RPC requests. This can be exploited to cause a stack-based buffer overflow via a specially crafted RPC request. Successful exploitation may allow execution of arbitrary code.
A vulnerability in PowerTCP FTP module was found by Intel in 2008. The exploit was written using HeapSpray technique, but it didn't work as the block of heap that contained the address changed after EIP pointed to it. The exploit was tested on Windows XP SP2 IE7.
A vulnerability exists in Classified Auctions (gotourl.php id) which allows an attacker to inject malicious SQL commands into the application. An attacker can exploit this vulnerability by sending a crafted HTTP request containing malicious SQL commands to the vulnerable application. This can allow the attacker to gain access to sensitive information stored in the database.
PumpKIN TFTP Server 2.7.2.0 eventually reaches a DoS condition when provided with an overly long mode value. It'll take a minute. This condition is reached quicker when hammered repeatedly.
KasraCMS is vulnerable to multiple remote SQL injection vulnerabilities. An attacker can exploit these vulnerabilities by sending malicious SQL queries to the vulnerable application. This can be done by sending a specially crafted HTTP request to the vulnerable application. The attacker can exploit these vulnerabilities to gain access to sensitive information stored in the back-end database.
A vulnerability in Tlnews 2.2 allows an attacker to bypass the admin login by setting a cookie with the value 'tlNews_login=admin; content=admin; path=/'
BuzzyWall is vulnerable to a remote file disclosure vulnerability. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. This request contains a maliciously crafted parameter value which can be used to disclose sensitive information from the server. The vulnerable parameter is 'id' which is used to specify the file to be downloaded. An attacker can use directory traversal techniques to access sensitive files outside the web root directory.
VicFTPS v5.0 is vulnerable to a remote denial of service attack. An attacker can send a specially crafted LIST command with a long string of 0x42 characters to the FTP server, causing it to crash. This vulnerability was discovered by Alfons Luja sp Z.0.0 in the year 2020.
PHPdaily is prone to multiple remote vulnerabilities. These issues include: - SQL-INJECTION - XSS - Local File Download Vulnerability
Services By CQR