SugarCRM Community Edition is vulnerable to local file contents disclosure. This vulnerability can be exploited by a malicious user to disclose potentially sensitive information. The flaw is caused due to a lack of input filtering in the SugarCRM RSS module, which can be exploited to disclose the content of local files. An exploitation example in a LAMP (Linux, Apache, Mysql, PHP) environment: If an authenticated attacker enters a value of “/etc/passwd� (without the quotes) in the URL field of the RSS module, the application will create a file in the directory cache/feeds with the filename of the md5 hash of the URL entered. The file will contain the content of the /etc/passwd file.
Format string vulnerability in the httpd_FileCallBack function (network/httpd.c) in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via format string specifiers in the Connection parameter.
This exploit takes advantage of one of the vulnerabilities patched in the Microsoft Security bulletin MS08-25. Modifications are strictly prohibited and is for research purposes only.
Input passed to the 'host_id' parameter in search_result.php is not properly verified before being used to sql query. This can be exploited thru the browser and get the username and password from admin in plain text. Successful exploitation requires that 'magic_quotes' is disabled.
Input passed to the 'cat_id' parameter in directory.php is not properly verified before being used to sql query. This can be exploited thru the browser and get the hash md5 password from users. Successful exploitation requires that 'magic_quotes' is off.
GroupWise 7.0 is vulnerable to a buffer overflow vulnerability when a maliciously crafted mailto scheme is used as the default mail client. This can lead to the overwriting of the EIP and execution of arbitrary code. A proof of concept is provided which creates an HTML file with an iframe containing a mailto scheme with an extensive argument, causing the buffer overflow.
This exploit is a blind SQL injection vulnerability in the Joomla Component PaxxGallery. It allows an attacker to extract the administrator's password hash from the database. The exploit works by sending a specially crafted request to the vulnerable parameter 'gid' and using the error message 'Subquery returns more than 1 row' to determine the correct character of the password hash.
This Script will exploit a Blind SQL Injection vulnerability in com_alphacontent. It will use the LWP::UserAgent module to send a malicious request to the vulnerable server and extract information from the database.
A remote code execution vulnerability exists in HP Update Software due to insecure methods ExecuteAsync and Execute. An attacker can exploit this vulnerability by creating a malicious webpage and convincing a user to visit it. The malicious webpage can then execute arbitrary code on the user's system.
A vulnerability exists in FluentCMS which allows an attacker to inject arbitrary SQL commands. This can be exploited to gain access to the database and potentially gain access to sensitive information. The vulnerability is due to insufficient sanitization of user-supplied input to the 'sid' parameter in 'view.php'. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL commands to the vulnerable script. Successful exploitation requires that magic_quotes_gpc is disabled.