This exploit is for Move Networks Quantum Streaming Player Control UploadLogs() Buffer Overflow vulnerability. It was written by e.b. and tested on Windows XP SP2(fully patched) English, IE6, qsp2ie07074039.dll version 7.7.4.39(digitally signed Tuesday, September 18, 2007 7:10:35PM). It was also thanks to h.d.m. and the Metasploit crew.
This exploit allows an attacker to execute arbitrary code on the vulnerable server by including a malicious file. The exploit is hard to execute through a browser, but possible. The exploit requires the attacker to send a POST request to the vulnerable server, containing the malicious file URL in the 'extmanager_install' parameter.
MiniNuke v2.1 forum is vulnerable to SQL Injection. An attacker can exploit this vulnerability by sending malicious SQL queries to the vulnerable application. This can be done by sending a specially crafted URL to the vulnerable application. The URL contains malicious SQL query which can be used to extract sensitive information from the database.
The vulnerability exists due to insufficient sanitization of user-supplied input passed via the 'artid' parameter to 'modules.php' script. A remote attacker can execute arbitrary SQL commands in application's database, cause denial of service, access or modify data, exploit latent vulnerabilities in the underlying database and gain access to the administrative panel.
This vulnerability allows an attacker to inject malicious SQL queries into the vulnerable web application. This can be used to gain access to the administrator's credentials and gain access to the web application.
MyServer 0.8.11 is vulnerable to a remote denial of service attack. By sending a specially crafted DELETE request with an overly long string, a remote attacker can cause the service to crash. This vulnerability can be exploited using other HTTP methods such as GET, OPTIONS, etc.
The vulnerability exists due to insufficient sanitization of user-supplied input passed via the 'content' parameter to '/include/body.inc.php' script. This can be exploited to include arbitrary files from local resources via directory traversal attacks.
Portail Web Php version 2.5.1.1 is vulnerable to multiple remote and local file inclusion vulnerabilities. The remote file inclusion vulnerability can be exploited by sending a malicious URL to the vulnerable parameter 'site_path' in the 'template/Vert/index.php', 'template/Noir/index.php' and 'template/Bleu/index.php' scripts. The local file inclusion vulnerability can be exploited by sending a malicious URL to the vulnerable parameter 'page' in the 'PwP2.5.1.1/' script.
Pigyard Art Gallery is vulnerable to multiple remote vulnerabilities, including pictures, availibility, exhibitions, genres, media, artist, and empty artists and exhibitions edit and add. Additionally, the website is vulnerable to file upload.
The vulnerability exists due to insufficient sanitization of user-supplied input passed via the 'template' parameter to '/include/unverified.inc.php' script. A remote attacker can include arbitrary local files and execute arbitrary PHP code on the vulnerable system.
Services By CQR