Explore Vulnerabilities

Explore all Exploits:

Xoops Celepar Module Qas

A SQL injection vulnerability has been found in the Qas module of Xoops Celepar, in the file Aviso.php. The vulnerable code is: $codigo = $_POST['codigo']; else $codigo = $_GET['codigo'];. An attacker can exploit this vulnerability by sending a malicious SQL query in the vulnerable 'codigo' parameter of the URL. Demo: http://www.dce.uem.br/modules/qas/aviso.php?codigo=-1+UNION+SELECT+1,2,3,4,5,6,7,8--

SaphpLesson v4.0 (Auth Bypass) SQL Injection Vulnerability

SaphpLesson v4.0 is vulnerable to an authentication bypass vulnerability due to the lack of input validation in the CleanVar() function. An attacker can exploit this vulnerability by sending malicious input to the username and password fields in the login page. This will allow the attacker to bypass authentication and gain access to the application.

Basilic 1.5.13 SQL Injection Vulnerability

Basilic version 1.5.13 is vulnerable to SQL injection. An attacker can send a specially crafted HTTP request to the vulnerable index.php file with a malicious SQL statement which can be used to extract information from the database. An example of a malicious request is http://secure.ntsg.umt.edu/publications/index.php?idAuthor=-31+union+select+1,version()--

Joomla Extension UIajaxIM 1.1 Javascript Execution

Go to http://www.site.com/ajaxim/, register and connect. Join a channel and in the input write: 'r"'><script>alert('xss')</script> (or any JavaScript after the 'r"'>) and press Enter: the JavaScript is executed. Click to IM anyone and write in the input: 'r"'><script>alert('xss')</script> (or any JavaScript after the 'r"'>) and press Enter: the JavaScript is executed.

Ekiga GetHostAddress Remote Denial of Service Vulnerability (CVE-2007-4897)

Ekiga GetHostAddress Remote Denial of Service Vulnerability (CVE-2007-4897) is a vulnerability in Ekiga, an open source VoIP and video conferencing application, which allows remote attackers to cause a denial of service (application crash) via a malformed SIP INVITE request with a long Call-ID field.

OpenH323 Opal SIP Protocol Remote Denial of Service Vulnerability (CVE-2007-4924)

This vulnerability is caused by a buffer overflow in the OpenH323 Opal SIP Protocol. A malformed SIP INVITE request with a negative Content-Length header can cause a denial of service condition. The vulnerable code is located in the sip/sipcon.cxx file.

Joomla Component com_joomloads (packageId) Remote SQL Injection Vuln

A vulnerability in the Joomla Component com_joomloads (packageId) allows an attacker to inject arbitrary SQL commands via the packageId parameter. An attacker can exploit this vulnerability to gain access to sensitive information stored in the database, such as usernames and passwords.

Recent Exploits: