A vulnerability exists in LulieBlog Version 1.02 which allows an attacker to inject arbitrary SQL commands via the 'id' parameter in 'voircom.php'. An attacker can exploit this vulnerability to gain access to sensitive information from the database, modify data, delete data, or gain access to the server.
A vulnerability exists in Foojan WMS 1.0 which allows an attacker to inject arbitrary SQL commands via the 'story' parameter in the 'index.php' script. An attacker can exploit this vulnerability to gain access to the admin panel by injecting a malicious SQL query in the 'story' parameter. The malicious query will return the username and password of the admin panel.
This exploit allows an attacker to inject malicious SQL code into a vulnerable Invision Gallery version <=2.0.7. The exploit code is written in Perl and uses Tk, Tk::BrowseEntry, Tk::DialogBox, and LWP::UserAgent modules. The exploit allows an attacker to get data from the database, create a new admin user, and set custom fields. The exploit code is unpublished and should be kept private.
This exploit is a PHP Nuke `sid` sql injection exploit for Search module. It is a POST method exploit and is best for version 8.0 FINAL. It has been tested on 6.0, 6.6, 7.9, 8.0 FINAL versions.
This exploit allows an attacker to gain access to the administrative account of a vulnerable PHP Nuke installation. The exploit works by sending a specially crafted HTTP request to the vulnerable server, which then returns the administrative account's password hash. The attacker can then use this hash to gain access to the administrative account.
YaBB SE version <= 1.5.5 is vulnerable to command execution. This exploit code is coded by 1dt.w0lf and published by RST/GHC. It uses Tk and LWP::UserAgent modules to exploit the vulnerability. It uses a POST request to execute the command on the vulnerable server.
This exploit allows an attacker to execute arbitrary commands on the vulnerable system. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'set' parameter of the 'index.php' script. A remote attacker can send a specially crafted request to the vulnerable script and execute arbitrary commands on the system with the privileges of the web server process.
This exploit is a SQL injection vulnerability in the private album function of CPG 1.4.10. It allows an attacker to inject malicious SQL code through array indexes with COOKIE.
list.php?pagenum=0&categoryid=1+union+select+111,222,concat_ws(char(58),login,password),444+from+admin_login/*
This exploit is for a buffer overflow vulnerability in the HP Virtual Rooms WebHPVCInstall Control. It was written by e.b. and tested on Windows XP SP2 (fully patched) English, IE6, and hpvirtualrooms14.dll version 1.0.0.100. It is not reliable due to heap fragmentation issues. Thanks to rgod, h.d.m. and the Metasploit crew.
Services By CQR