Explore Vulnerabilities

Explore all Exploits:

IpSwitch WS_FTPSERVER with SSH remote Buffer Overflow

A buffer overflow vulnerability exists in IpSwitch WS_FTPSERVER with SSH when a maliciously crafted CD command is sent to the server. This can be exploited to cause a stack-based buffer overflow by sending an overly long string to the server. Successful exploitation could allow remote attackers to execute arbitrary code on the vulnerable system.

Yahoo! Music Jukebox 2.2 AddImage() ActiveX 0day Remote Buffer Overflow PoC Exploit

A buffer overflow vulnerability exists in Yahoo! Music Jukebox 2.2 AddImage() ActiveX control. The vulnerability is caused due to a boundary error when handling a specially crafted argument passed to the AddImage() method. This can be exploited to cause a stack-based buffer overflow via an overly long, specially-crafted argument passed to the AddImage() method.

BlogPHP V.2 Multiple Remote Vulnerabilities (SQL Injection Exploit/XSS)

BlogPHP V.2 is vulnerable to multiple remote vulnerabilities such as SQL Injection and XSS. An attacker can exploit these vulnerabilities to gain access to sensitive information such as usernames and passwords. The XSS vulnerability can be exploited by sending a malicious script to the vulnerable website. The SQL Injection vulnerability can be exploited by sending a specially crafted SQL query to the vulnerable website.

PHPShop SQL Injection Vulnerability

The script checks whether $my_insecure_array contains 'SELECT ', 'UPDATE ', etc. (a keyword followed by a space), and this can easily be bypassed using comments. PoC: select/**/input1,input2... Example that injects the admin username and MD5 password hash: http://website/phpshop/?page=shop/flypage&product_id=-3'+UNION+select/**/null,null,null,null,null,password,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,username/**/from/**/auth_user_md5/*

WordPress Plugin (wordspew-rss.php) SQL Injection

A SQL injection vulnerability exists in the WordPress Plugin (wordspew-rss.php) which allows an attacker to execute arbitrary SQL commands on the underlying database. The vulnerability is due to insufficient input validation of the 'id' parameter in the 'wordspew-rss.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL commands to the vulnerable script. Successful exploitation of this vulnerability can result in unauthorized access to sensitive information stored in the database, such as user credentials.

The Everything Development System SQL Injection Vulnerability

There exists a vulnerability in The Everything Development Engine that allows a user to inject their own SQL to modify a SELECT query, leading to information disclosure, XSS, or privilege escalation. What's more, passwords are stored in the database as plaintext, making user accounts very easily compromised. In some versions of the software I have encountered, the following proof of concept will display a corresponding username and password in the 'core' field and 'reputation' field on the page, respectively. The ideal fix would be to ensure that the 'node_id' request variable is the appropriate data-type (signed int) before passing it as part of a SQL query.

Joomla SQL Injection (com_neoreferences)

An attacker can exploit a SQL injection vulnerability in the com_neoreferences component of Joomla! to execute arbitrary SQL commands. The vulnerability is due to insufficient sanitization of user-supplied input to the 'catid' parameter of the 'index.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL commands to the vulnerable application. Successful exploitation could result in unauthorized access to sensitive information or allow an attacker to modify data in the back-end database.

LightBlog 9.5 – REMOTE FILE UPLOAD VULNERABILITY

A remote file upload vulnerability is present in LightBlog version 9.5. Users without permissions are able to upload any kind of file, including .php files, so an attacker can upload their own remote PHP shell. The vulnerable file is cp_upload_image.php, which is located in the root directory of the uploaded blog.

Recent Exploits: