RPG.Board is vulnerable to insecure cookie handling. An attacker can inject malicious code into the cookie and execute it on the victim's browser.
The vulnerability exists due to improper sanitization of user-supplied input in the 'contentid' and 'catid' parameters of the 'content_by_cat.asp' script. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation may allow an attacker to gain access to sensitive information from the database.
A SQL injection vulnerability exists in RPG.Board 0.0.8Beta2. An attacker can send a specially crafted HTTP request to index.php with the parameters 'subtopic' and 'showtopic' to execute arbitrary SQL commands.
Gemini Portal is prone to a remote file-injection vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker can exploit this issue to upload arbitrary files to the affected computer; this can result in arbitrary code execution within the context of the vulnerable application.
You can access the admin panel by altering the cookie and adding a parameter in the navigation bar. Navigate the admin panel by adding the parameter '&name=users' in the navigation bar.
A vulnerability exists in openEngine 2.0 beta2, which allows a remote attacker to include a file from a remote location. This is due to the application not properly sanitizing user-supplied input to the 'oe_classpath' parameter in 'filepool.php'. An attacker can exploit this vulnerability to include arbitrary files from remote locations, which can lead to the execution of arbitrary code on the vulnerable system.
You can access the admin panel by altering the cookie and adding a parameter in the navigation bar. First step: javascript:document.cookie = "user=admin". Second step: navigate the admin panel by adding the parameter '&name=users' in the navigation bar. Examples: to view the main admin panel: http://site/admin.php?page=main&name=users; to list all forums: http://site/admin.php?page=forums&name=users; to post a new forum: http://site/admin.php?page=forums&name=users&page=forums&op=newf&fview=Everyone&fpost=Everyone&forumname=WHAT_YOU_WANT&descrip=WHAT_YOU_WANT; to list articles: http://site/admin.php?page=articles&name=users; to create a new article: http://site/admin.php?page=articles&name=users&op=newd&dtitle=WHAT_YOU_WANT&ppcontent=WHAT_YOU_WANT&dfolder=0&category=1&autor=admin; to list all users: http://site/admin.php?page=users&name=users; to edit the admin profile (you can change the password): http://site/admin.php?page=users&name=users&op=edit&user=admin
This PoC shows the first method of exploiting a buffer overflow vulnerability in Windows Mobile 6 devices. The bug is not really in the long name string but is triggered the first time the WM6 device tries to get a connection with a name that is too long. There are two ways to exploit this bug: this PoC shows the first method (connecting directly to the device if we know the bdaddr), but you can also just wait for the device to search and overflow by itself when it sees the HCI name.
This exploit uses a buffer overflow vulnerability in the WinFTP Server v.2.3.0 to cause a denial of service (DoS). The exploit sends a large number of '..?' characters to the server, which causes the server to crash.
Atomic Photo Album 1.1.0pre4 is vulnerable to an insecure cookie handling vulnerability. This vulnerability allows an attacker to gain access to the application without authentication. By setting the apa_cookie_login and apa_cookie_password cookies to a known value, an attacker can gain access to the application.