A vulnerability exists in Web Wiz NewsPad, which allows an attacker to remotely access the database file NewsPad.mdb. This can be exploited by sending a request to the vulnerable server for the file NewsPad.mdb, which contains sensitive information such as usernames and passwords.
Picpuz does not check the length of input filename/directory thus overwriting the buffer [1000 in size] with a call to strcpy. Proof Of Concept: Image filename overflow: $ ./picpuz -f $(python -c 'print "A"*1500') Directory filename overflow: $ ./picpuz -i $(python -c 'print "A"*1500')
Pragyan CMS 2.6.4 is vulnerable to a Remote File Inclusion vulnerability due to a lack of sanitization of user-supplied input. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable application, which can allow the attacker to execute arbitrary code on the server.
Wbb3 Blind Sql Injection Injection in Announce Plugin (Kleinanzeigen Markt) is a vulnerability that allows an attacker to inject malicious SQL code into a vulnerable web application. This vulnerability can be exploited to gain access to sensitive data stored in the database, such as user credentials, or to execute arbitrary code on the server. The vulnerability is caused by insufficient input validation and can be exploited by sending specially crafted SQL queries to the vulnerable application.
ImageVue 2.0 suffers a remote admin login exploit. You can simply enter admin as the password and it will log you in as a global administrator.
The exploit allows an attacker to inject malicious SQL queries into the vulnerable application. By exploiting this vulnerability, an attacker can gain access to the admin panel of the application and can perform various malicious activities.
CastRipper 2.50.70 is vulnerable to a stack buffer overflow vulnerability when a specially crafted .pls file is opened. This can be exploited to execute arbitrary code by corrupting the stack. The exploit code uses a NOP sled followed by a shellcode to execute calc.exe.
Jax Guestbook 3.50 suffers a bug that will allow you to log in as the admin. We can access the admin directory of Jax Guestbook 3.50 to edit the admin settings.
This vulnerability allows an attacker to gain access to the admin login credentials by exploiting a SQL injection vulnerability in the Joomla Component com_jeemaarticlecollection. The vulnerability exists due to insufficient filtration of malicious characters in the 'catid' parameter of the 'index.php' script.
An attacker can exploit this vulnerability by injecting malicious JavaScript code into the 'msg' parameter of the 'index.php' page. This code will be executed in the browser of the victim when they visit the vulnerable page.
Services By CQR