IT!CMS is prone to a SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this issue to manipulate SQL queries and gain access to unauthorized information. This issue affects versions prior to IT!CMS 1.2.1.
SeaMonkey <= 1.1.14 is vulnerable to a Denial of Service attack when a maliciously crafted HTML file is opened. The exploit creates an HTML file with a large number of <marquee> tags, which causes the browser to crash when the file is opened.
There is a buffer overflow vulnerability in Rosoft Media Player 4.2.1 which affects all supported file types (m3u, rml, txt) and all versions. The exploit involves writing a malicious file with a large number of characters followed by an address containing 0, NOT 0x00, and then the EIP and shellcode.
Goople <= 1.8.2 is vulnerable to Blind SQL Injection. This exploit uses a brute force attack to extract the username and password from the GoopleCMS_users_ table. The exploit sends a malicious POST request to the frontpage.php page with a crafted username and password. If the response time is greater than 4 seconds, the injected condition held and the guessed character is correct. The exploit then moves on to the next character in the key and repeats the process until the username and password are extracted.
A vulnerability in RiotPix <= 0.61 allows an attacker to bypass authentication by entering 'logoz ' or '' as the username and leaving the password field blank. This allows the attacker to gain access to the board without authentication.
EZpack is vulnerable to XSS and SQL injection attacks. An attacker can inject malicious code into the 'mdfd' parameter of the 'op=prog' script to execute arbitrary SQL commands or XSS payloads. Demo XSS and SQL payloads are provided in the text.
RiotPix <= 0.61 is vulnerable to Blind SQL Injection. This exploit gets the password hash of a given user. The exploit is simple and does not include proxy or error handling.
PHPAuctionSystem is vulnerable to a remote file inclusion vulnerability due to insufficient sanitization of the 'include_path' parameter in the 'settings.inc.php' file. An attacker can exploit this vulnerability by sending a malicious URL to the vulnerable application. This URL can be used to include a remote file containing arbitrary code, which will be executed by the web server.
This exploit grants DBA privileges to the user 'scott' and creates a new OS user 'hack' with password '12345' using the scheduler. It was tested on Oracle 10.1.0.5.0.
This exploit grants DBA privileges to the user 'scott' and creates a new OS user 'java' using java procedures. It was tested on Oracle 10.1.0.5.0 and was written by Alexandr 'Sh2kerr' Polyakov. The original advisory was written by Esteban Martinez Fayo of Team SHATTER and was published on November 11, 2008.