The Tugux CMS is vulnerable to blind SQL injection. An attacker can exploit this vulnerability by injecting malicious SQL queries through the 'nid' parameter in the 'latest.php' page. The vulnerability can be confirmed by using the provided proof-of-concept (p0c) examples. The vulnerability can also be used to obtain the MySQL version running on the server by accessing the server on port 3306.
This module exploits a directory traversal bug in Adobe ColdFusion. By reading the password.properties file, a user can log in using the encrypted password itself. This should work on version 8 and below.
This module exploits a hidden account in the com.trinagy.security.XMLUserManager Java class. When using this account, an attacker can abuse the com.trinagy.servlet.HelpManagerServlet class and write arbitrary files to the system, allowing the execution of arbitrary code.
This CMS suffers from multiple vulnerabilities. 1] "AjaxFileManager" is implemented without the need for a valid session. Path: http://localhost/admin/libraries/ajaxfilemanager/ajaxfilemanager.php 2] "ajax_save_name.php" can be used to rename any file on the system/www-root to any name that contains safe extensions (txt, jpg, etc.). 3] "AjaxFileManager.php" allows download of even PHP files if they are under the 'Root Folder'. Exploit: http://localhost/admin/libraries/ajaxfilemanager/ajax_download.php?path=../../../db/uploaded/index.php 4] "main.php" can be used to upload any file type as long as this is true: "Content-Type: image:jpeg". Exploit: http://localhost/admin/main.php?action=upload
This exploit targets the N`CMS 1.1E software and allows for pre-authentication local file inclusion, which can be used to execute remote code. The vulnerable code is shown in the script. By manipulating the 'page' parameter in the URL, an attacker can include arbitrary files on the server and potentially execute malicious code. The exploit requires a wordlist for brute-forcing the database credentials.
A CSRF exploit allows an attacker to change the admin password without authorization. An XSS vulnerability allows an attacker to execute arbitrary script code on the affected website.
This is a proof-of-concept exploit that causes a local crash in Movavi VideoSuite 8.0 (SlideShow.exe). The exploit takes advantage of a buffer overflow vulnerability in the software.
This Perl script exploits a SQL injection vulnerability in the DSecurity application. It allows an attacker to execute arbitrary SQL queries and retrieve sensitive information from the database.
N-13 News version 4.0 is vulnerable to a CSRF (Cross-Site Request Forgery) attack. An attacker can add a new admin user by exploiting this vulnerability. The exploit involves submitting a crafted form to the admin.php file with the required parameters.
This module exploits a buffer overflow vulnerability in the _tt_internal_realpath function of the ToolTalk database server (rpc.ttdbserverd).