phpLinkat is a free link indexing script written in PHP and runs on MySQL. This script is suffering from a SQL injection bug and insecure cookie handling.
This exploit takes advantage of a remote overflow vulnerability in the ximage_zgv.tar.gz file. It allows an attacker to execute arbitrary code on the targeted system.
The vulnerability allows an attacker to perform SQL injection attacks in the HYIP ACME Version software. By exploiting the vulnerability, an attacker can retrieve sensitive information from the database, such as usernames and admin passwords.
This is a Proof of Concept (PoC) code that can crash the MyServer 0.7.1 POST server. The exploit sends a POST request to the server with a specially crafted payload that consists of a long string of characters. This payload is designed to cause the server to crash or become unresponsive. The vulnerability allows an attacker to disrupt the normal functioning of the server, potentially leading to service downtime or denial of service.
There are multiple vulnerabilities in Acidcat CMS including SQL Injection, logical vulnerability, XSS, and file upload vulnerability. These vulnerabilities can allow an attacker to gain usernames and encrypted passwords, send emails without permission, login to the site, execute XSS attacks, and upload files.
javascript:document.cookie = 'adm=1 path=/;';
The IE component in the GOM Player's interface uses an insecure HTTP connection. Since IE is vulnerable to the SMB/WebDAV+ 'search-ms' technique, we can redirect the victim to the page we created with DNS spoofing and execute code on the target. In addition, the URL+ZIP+VBS MoTW bypass technique was used to prevent the victim from seeing any warning in the pop-up window.
The application is vulnerable to insecure direct object references that occur when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability, attackers can bypass authorization and access the hidden resources on the system and execute privileged functionalities.
The TV and FM transmitter uses a weak set of default administrative credentials that can be guessed in remote password attacks and gain full control of the system.
The attacker can send to victim a link containing a malicious URL in an email or instant message that can perform a wide variety of actions, such as stealing the victim's session token or login credentials.