OwnRS CMS is vulnerable to SQL Injection. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable application. This can allow the attacker to gain access to the database and execute arbitrary SQL commands. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'id' parameter of the 'autor.php' script.
This exploit is a local stack overflow exploit for Browser3D (.sfs file). It is coded in Perl and was released by AlpHaNiX in 2009. It takes advantage of a vulnerability in the Browser3D application, which allows an attacker to execute arbitrary code on the vulnerable system. The exploit code creates a malicious file which contains a payload of shellcode that is executed when the file is opened.
The vulnerability exists due to insufficient sanitization of user-supplied input in the 'mpid' parameter of the 'func=sign' action of the 'com_beamospetition' component. A remote attacker can execute arbitrary SQL commands in the application database, cause XSS, access or modify data, exploit vulnerabilities in the underlying database and compromise the system.
This exploit is used to inject malicious SQL code into a vulnerable Joomla website. It takes advantage of the com_pcchess component, which is vulnerable to Blind SQL Injection. The exploit uses a loop to iterate through the characters of the username and password of the vulnerable website, and then prints them out.
A Local File Include vulnerability was found in the script user/help/help.shtml. A user can include any local file, even those in the admin folder. A linked XSS vulnerability was found in the scripts user/help/help.shtml and user/help/general_help_user.shtml. An attacker can inject an XSS script in the URL.
This exploit allows an attacker to gain access to the admin username and password of the Sad Raven's Click Counter v1.0 application by accessing the passwd.dat file.
This exploit is a local buffer overflow exploit for Browser3D. It is coded in C and uses the win32_exec payload from Metasploit. It creates a file called simo.sfs which can be opened with Browser3D to trigger the exploit.
This exploit uses the Firefox 3.0.5 Status Bar Obfuscation technique to redirect users to milw0rm.com when they click on a link to google.com. The exploit uses a div element with a mouseover event to redirect the user to milw0rm.com. The div element is positioned at the exact coordinates of the mouse pointer when the user clicks on the link.
An attacker can exploit a SQL injection vulnerability in the 'bid' parameter of the 'index.php' script to execute arbitrary SQL commands. The vulnerable code is located in the 'com_sobi2' component. The attacker can use the 'union' SQL operator to access the 'jos_users' table and extract the username and password of the administrator.
A vulnerability exists in the Joomla component BazaarBuilder Shopping Cart Software v.5.0 which allows an attacker to inject arbitrary SQL commands. This can be exploited to gain access to the admin panel and extract sensitive information from the database.