Maian Guestbook suffers from a insecure cookie, the admin panel only checks if the cookie exists and not the content. So, an attacker can craft a cookie and look like a admin.
Fuzzylime 3.01 is vulnerable to a remote code execution exploit. The exploit is possible due to the use of the extract() function in the commsrss.php file, which can simulate register_globals. This allows an attacker to set the $s, $p, and $curcount variables in the code/content.php file, which can then be used to execute arbitrary code.
This exploit is written in Perl and is used to send a large number of packets to the DNS server, causing it to crash. It takes three arguments: the DNS server, the DNS source port, and the number of packets to send.
A vulnerability exists in Avlc Forum due to improper sanitization of user-supplied input in the 'id' parameter of the 'vlc_forum.php' script. An attacker can exploit this vulnerability to inject and execute arbitrary SQL commands in the application's back-end database, allowing for the manipulation or disclosure of arbitrary data.
A vulnerability exists in jSite 1.0 OE which allows an attacker to inject arbitrary SQL commands and perform a Local File Inclusion attack. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. This can allow the attacker to gain access to sensitive information such as usernames and passwords, and can also allow the attacker to upload malicious files to the server.
Mambot Component n-forms Blind SQL Injection Exploit is a perl script which exploits a vulnerability in the Mambot Component n-forms. It allows an attacker to extract the MD5 hash of the user's password from the database. The exploit takes the host, path, userid, and form id as arguments and uses a loop to iterate through the characters of the MD5 hash.
Fuzzylime 3.01 is vulnerable to Remote Code Execution. This exploit uses a phpreter class to execute SQL, PHP or CMD on a remote host using the HTTP "Shell" header.
Maian Music v1.0 is suffering from insecure cookie handling, the /admin/index.php only checks if cookie mmusic_cookie, equals admin username.(md5). The exploit is a javascript code that sets the cookie value to md5(the username). For example, 21232f297a57a5a743894a0e4a801fc3 = admin
Maian Greetings v2.1 is suffering from insecure cookie handling, the /admin/index.php only checks if cookie mecard_admin_cookie, equals admin username. The exploit is a javascript code that sets the cookie mecard_admin_cookie to admin.
Maian Gallery v2.0 is suffering from insecure cookie handling, the /admin/index.php only checks if cookie mgallery_admin_cookie, equals admin username(md5). An exploit can be used by setting the cookie value to md5(the username). For example, 21232f297a57a5a743894a0e4a801fc3 = admin
Services By CQR