An attacker can exploit this vulnerability by sending a crafted HTTP request to the vulnerable application. The attacker can inject malicious SQL queries in the vulnerable parameter and execute arbitrary SQL commands in the back-end database.
A vulnerability in Joomla <= 1.5.x Component com_siirler 1.2 (sid) allows an attacker to inject malicious SQL commands into the application. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL commands to the vulnerable application. This can allow the attacker to gain access to sensitive information stored in the database.
This module exploits a buffer overflow in the ProFTP 2.9 client that is triggered through an excessively long welcome message.
A vulnerability in AiO (All into One) Flash Mixer 3 allows an attacker to cause a denial of service (application crash) by creating a specially crafted .afp file and opening it in the application. This can be exploited to crash the application.
A buffer overflow vulnerability exists in FLIP Flash Album Deluxe 1.8.407.1, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to a boundary error when processing a specially crafted .fft file. This can be exploited to cause a stack-based buffer overflow via an overly long string. Successful exploitation may allow execution of arbitrary code.
Configuration settings for FCKeditor shipped with Geeklog are insecure by default. They allow attackers to view and upload files and folders under its predefined image upload directory. This is not FCKeditor's fault, the Geeklog developers enabled the insecure configuration. Abuse works whether the FCKeditor is enabled or disabled in the Geeklog configuration. File uploads are restricted by directory and type.
A Blind SQL-injection vulnerability exists in the Joomla Component com_jtips (season). An attacker can inject malicious SQL code into the 'season' parameter of the 'index.php' script. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. This can be used to disclose the contents of the database, modify data, delete data, or potentially gain administrative access to the application.
Huawei MT880 firmware and its default configuration has flaws, which allows LAN users to gain unauthorized full access to device. Default credentials on the web-based management interface are admin/admin. Possible XSRFs include adding an administrator user, disabling firewall/anti-DoS features, adding a MAC address to the whitelist, and adding an IP address allowed by the firewall.
A SQL injection vulnerability exists in the Joomla Component com_ninjamonial (testimID). An attacker can send a specially crafted HTTP request containing malicious SQL statements to the vulnerable application in order to gain access to the underlying database. An example of a malicious request is http://localhost/path/index.php?option=com_ninjamonials&task=display&testimID=n<sql Code>, where n is a valid testimID and <sql Code> is a malicious SQL statement.
This exploit is a buffer overflow vulnerability in Audacity <= 1.2. It allows an attacker to execute arbitrary code on the target system by sending a malicious .gro file. The exploit code creates a malicious .gro file with a reverse shellcode to 192.168.2.3. When the file is opened, the shellcode is executed and a reverse shell is established.
Services By CQR