This exploit allows an attacker to gain administrator privileges on SlimCMS version 1.0.0 and below. The exploit works by sending a POST request to the redirect.php file with the newusername, newpassword, and newisadmin parameters set to the desired username and a value of 1 for newisadmin. If successful, the attacker will be able to log in with the specified username and password and have administrator privileges.
The Web Browser for S60 (formally called Nokia Mini Map Browser) is a web browser for the S60 mobile phone platform developed by Nokia. It is built upon S60WebKit, a port of the open source WebKit project to the S60 platform. According to several sources, the S60 software on Symbian OS is the world’s most popular software for smartphones. This version of the Nokia Mini Map Browser does not properly validate JavaScript input embedded in visited HTML pages. An aggressor can easily trigger Denial of Service attacks.
The vulnerability exists due to insufficient sanitization of user-supplied input in the 'kat' parameter of 'kategori.asp' script. A remote attacker can send a specially crafted request to the vulnerable script and execute arbitrary SQL commands in application's database. This can be exploited to bypass authentication, compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
An attacker can exploit this vulnerability by sending a specially crafted SQL query to the vulnerable parameter 'jid' of the 'index.php' script. This can allow the attacker to view, add, modify or delete data from the database.
An attacker can exploit this vulnerability by crafting a malicious SQL query and sending it to the vulnerable application. This can be done by appending the malicious SQL query to the vulnerable parameter in the request. This can allow the attacker to gain access to sensitive information stored in the database.
An attacker can exploit this vulnerability by sending a crafted HTTP request to the vulnerable application. The crafted request contains malicious SQL statements that are executed in the backend database. This can allow an attacker to access sensitive information from the database, modify data, or execute system level commands.
NoticeWare E-mail Server has many odd querks about it. This DoS leverages the fact that the POP3 server can only handle so many exceptions before you get an access violation at 0x00000008 which is given from an EDX+8 where EDX is 0x00000000. I've tried many things to get code execution and non are prevalent. If you fuzz almost any of the commands for the POP3 server you will get it to crash. Also, if you are authenticated and do 'LIST 0.5' (numerous times) you will get the same access violation you do with this DoS.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Konqueror. Authentication is not required to exploit this vulnerability. The specific flaw exists within the document.load() function. The issue lies in the fact that the function does not properly validate user-supplied input before using it to execute a command. An attacker can leverage this vulnerability to execute arbitrary code under the context of the user running the application.
WinFTP v2.3.0 is vulnerable to a Denial of Service attack when an attacker attempts to send data. The exploit code creates a socket connection to the target host on port 21, sends a USER command with the supplied username, a PASS command with the supplied password, a PASV command, a NLST -1 command, and a QUIT command. The socket is then closed.
A vulnerability in ScriptsEz Easy Image Downloader allows an attacker to download arbitrary files from the server. The vulnerability is due to insufficient sanitization of user-supplied input to the 'id' parameter of the 'main.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing directory traversal sequences (e.g. '../') to the vulnerable script. This will allow the attacker to download arbitrary files from the server.
Services By CQR