eXtplorer is prone to a local file include and directory traversal vulnerability because the application fails to sufficiently sanitize user-supplied input. The parameter 'lang' is not properly sanitized. Since the application allows to upload files to the server could be combined with previous vulnerabilities to allow an attacker to view any local file or execute arbitrary code remotely in the context of the webserver. This may aid in launching further attacks. In order to perform the attack, an attacker could upload a PHP maliciuos code (upload action is allowed by the application), then exploit a bug to know the full path to the local file recently uploaded (if 'display_errors' directive is set to On) and then include it exploiting the local file include and directory traversal flaw (using ../../path/to/file) to finally execute the php code. Successfully explotation of ths vulnerability could allow an attacker to execute arbitrary code in the context of the webserver process.
This exploit is used to gain access to the username and password of a Joomla website using the com_digistore component. It uses a blind SQL injection technique to exploit the vulnerability. The exploit is written in PHP and requires the URL of the vulnerable website as an argument.
The Graugon PHP Article Publisher 1.0 is vulnerable to multiple SQL injections and insecure cookie handling. An attacker can exploit these vulnerabilities to gain access to sensitive information such as user credentials and other details stored in the database.
An attacker can upload a malicious ASP shell to the vulnerable server by exploiting the default_Image.asp file. This file is vulnerable to directory traversal attacks, allowing an attacker to upload a malicious ASP shell to the vulnerable server.
Digital Interchange Calendar version 5.7.13 suffers from a path disclosure vulnerability. This allows an attacker to view the physical path of the web application. This can be exploited to gain sensitive information which can be used to launch further attacks.
Document Library Version 1.0.1 is vulnerable to authentication bypass. An attacker can exploit this vulnerability by accessing the save_user.asp page and setting the admin username and password to the same value. This will allow the attacker to bypass authentication and gain access to the admin panel.
Novell eDirectory iMonitor is prone to a buffer overflow vulnerability when handling a specially crafted 'Accept-Language' request. An attacker can exploit this issue to execute arbitrary code within the context of the application. Failed exploit attempts will result in a denial-of-service condition.
BlogMan is vulnerable to multiple SQL Injection, Authentication Bypass and Privilege Escalation. SQL Injection can be used to obtain reserved information. Authentication Bypass can be used to login as a registered user. Privilege Escalation can be used to edit the profile of a registered user.
Merak Media Player 3.2 is vulnerable to a buffer overflow vulnerability due to improper bounds checking of user-supplied data. An attacker can exploit this vulnerability by sending a specially crafted request containing an overly long string of data to the vulnerable application. This can result in arbitrary code execution in the context of the application.
This PoC exploits a buffer overflow vulnerability in HTC Touch devices. It sends a specially crafted vCard to the device, which causes the device to crash. The vCard contains a random number followed by a large number of 'A' characters, which causes the buffer to overflow.
Services By CQR