A vulnerability in CMS Elgg <1.00 allows an attacker to remotely change the password of a user by creating a new topic and editing it with a malicious script. The script can be used to store cookies and redirect the user to a page with a form that contains the new password. The form is then automatically submitted, allowing the attacker to change the password of the user.
A PHP script to attack Apache webservers by creating multiple processes and sending random requests to the webserver. This exploit was written by evilrabbi b4b0 and was published on milw0rm.com in 2009.
An attacker can exploit this vulnerability by sending a malicious SQL query to the vulnerable parameter 'sform[day]' in the 'search.php' script. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. An attacker can also exploit this vulnerability by sending a malicious XSS payload to the vulnerable parameter 'page' in the 'website.php' script. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
pc4arb - pc4 Uploader version 10.0 and below is vulnerable to a remote file disclosure vulnerability. An attacker can exploit this vulnerability to gain access to sensitive files on the server. This vulnerability is due to a lack of proper input validation in the application when handling user-supplied input. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable server. Successful exploitation of this vulnerability will result in the disclosure of sensitive files on the server.
An attacker can exploit this vulnerability by setting a malicious cookie with the name 'MIDAS' and the value 'admin|Administrator|1|data0n9a|en-US|Default' and then accessing the URL http://[website]/[script]/level1.pl?x=0. This will allow the attacker to gain administrator access to the application.
The vulnerability exists due to the FtpConnect() function, which could download any file from a remote FTP server and put it on the user's disk. A malicious user could download a trojan and put it into the "startup" folder so that the trojan will run when the user's computer restarts. Successful exploitation requires that the target user browse to a malicious web page.
A vulnerability in CMS Buzz allows an attacker to change the password of any user by accessing the profile page of the user. An attacker can also inject malicious JavaScript code into the search page of the website, which will be executed when a user visits the page. Additionally, an attacker can create two files, cookie.php and log.txt, and upload them to a web server. The cookie.php file contains code to grab the cookie of the user when they visit the page, and the log.txt file is used to store the cookie. The attacker can then send a message to the admin of the website with malicious JavaScript code that will redirect the admin to the cookie.php page, thus allowing the attacker to grab the admin's cookie.
DESlock+ 4.0.2 local kernel SYSTEM exploit is a local exploit which allows an attacker to gain SYSTEM privileges on a vulnerable system. The exploit is based on a vulnerability in the dlpcrypt.sys driver which allows an attacker to pass kernel mode pointers between kernel and userland. The exploit has been tested on dlpcrypt.sys 0.1.1.27. The exploit is compiled using MinGW and -lntdll.
A buffer overflow vulnerability exists in compface version 1.5.2 and earlier. The vulnerability is triggered when a specially crafted XBM file is processed by the application. An attacker can exploit this to execute arbitrary code.
PhpPortal v1 is prone to an insecure cookie handling vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to gain access to the administrator panel.