NCTVideoStudio ActiveX DLLs Version 1.6 exposes an insecure method that permits file creation. This vulnerability allows an attacker to create arbitrary files on the vulnerable system.
A heap overflow vulnerability exists in MW6 Barcode ActiveX (Barcode.dll) when a specially crafted string is passed to the 'Supplement' property. A remote attacker can exploit this to execute arbitrary code.
The ExportToXML() function of FlexCell Grid Control 5.6.9 is vulnerable to a remote file overwrite exploit. An attacker can use the SaveFile() function to overwrite a file on the target system.
ITLPoll v2.7 Stable2 is vulnerable to Blind SQL Injection. An attacker can exploit this vulnerability to gain access to the database and extract sensitive information. This exploit uses a brute-force approach to extract the username and password from the database.
Xianur0 discovered a Cross-Site Request Forgery (XSRF) vulnerability in Simple Machines Forum (SMF). The vulnerability is located in the file Sources/PackageGet.php and allows an attacker to inject malicious code into the packages.xml file. This can be exploited to execute arbitrary HTML and script code in a user's browser session, in the context of an affected site, when the malicious packages.xml file is loaded by the admin. The attacker can also use an iframe to load the malicious packages.xml file.
This exploit allows an attacker to gain access to the admin password of the EPOLL SYSTEM by exploiting a Remote File Inclusion vulnerability. The exploit is coded in Python and requires two arguments, the target site and the path of the EPOLL SYSTEM installation. The exploit then connects to the target site and reads the password.dat file, which contains the admin password in MD5 format.
OpenGoo 1.1 is vulnerable to Local File Inclusion. The vulnerability is due to register_globals being set to On and magic_quotes_gpc being set to Off. This allows an attacker to include a remote file by manipulating the form_data[script_class] parameter in a POST request.
The Article Manager is vulnerable to SQL injection. An attacker can exploit this vulnerability by sending malicious SQL queries to the vulnerable parameter 'cat_id' in the 'category.php' page. This can be exploited to extract information from the database.
A SQL injection vulnerability exists in Web-Calendar Lite 1.0. An attacker can send a specially crafted request to the vulnerable application to execute arbitrary SQL commands in the back-end database. This can be exploited to manipulate data, disclose sensitive information, or gain access to the system.
This exploit is used to gain access to the username and password of a Mambo CMS website. It uses a blind SQL injection vulnerability in the com_sim component to extract the credentials from the mos_users table. The exploit takes the URL of the vulnerable page as an argument and then uses the difference in response lengths to determine the username and password.