Limny 1.01 is vulnerable to an authentication bypass vulnerability due to improper sanitization of user-supplied input. An attacker can exploit this vulnerability by supplying a specially crafted username and password to bypass authentication. The vulnerable code is located in includes/functions.php, where the CheckLogin() function does not properly sanitize user-supplied input before using it in an SQL query. This can be exploited to bypass authentication by supplying a specially crafted username and password.
This vulnerability allows an attacker to delete arbitrary files from the server if the '$Allow_Delete[] = "[USERGROUP]";' is not commented in "uploadimg_config.php" [FIND LINE: 75]. An attacker can use a malicious script to login to the server and delete any file from the server.
This exploit allows an attacker to inject malicious SQL commands into a vulnerable PunBB Automatic Image Upload <= v1.3.5 application. The attacker can use this vulnerability to gain access to the application's database and potentially gain access to sensitive information.
NcFTPd version 2.8.5 and earlier is vulnerable to a remote jail breakout. An attacker with a valid user account can use the 'site symlink' command to create a symlink to a file outside of the user's home directory. This allows the attacker to read and write to files outside of the user's home directory.
A stack-based buffer overflow vulnerability exists in MP3 Studio v 1.0 when handling specially crafted .mpf and .m3u files. By sending a maliciously crafted .mpf or .m3u file, an attacker can cause a stack-based buffer overflow, resulting in the execution of arbitrary code. The vulnerability is caused due to a boundary error when handling overly long strings in the .mpf and .m3u files. This can be exploited to cause a stack-based buffer overflow by sending a maliciously crafted .mpf or .m3u file to the affected application.
This very known PHP store is vulnerable to SQL Injection on “parent†variable. Injecting a specific combination of SQL commands will execute the new SQL query and even provide sensitive database information that could help a malicious user to complete and enter a valid SQL injection query.
This exploit allows an attacker to inject malicious SQL code into the Allomani movies & Clips v2.7.0 application. The attacker can then use this code to gain access to the application's database and potentially gain access to sensitive information.
This exploit allows an attacker to inject malicious SQL code into the Allomani Songs & Clips v2.7.0 application. The exploit is triggered by sending a specially crafted HTTP request to the vulnerable application. The malicious SQL code is then executed on the backend database, allowing the attacker to gain access to sensitive information or modify the database.
This exploit is used to exploit a Blind SQL Injection vulnerability in Allomani Mobile v2.5. The exploit is done by sending a specially crafted HTTP request to the vulnerable server. The exploit is successful if the server responds with a different page than the original one. The exploit is done by sending a specially crafted HTTP request to the vulnerable server with a valid news id and a substring of the version of the server. If the server responds with a different page than the original one, the exploit is successful.
This exploit adds a user Dr_IDE:password to the Admin Group by exploiting a vulnerability in Adobe Acrobat v9.1.2. It requires NOS Package Installed and was tested on Windows XP SP2.
Services By CQR