The Netgear DG632 router has a web interface which runs on port 80. This allows an admin to login and administer the device's settings. However, a Denial of Service (DoS) vulnerability exists that causes the web interface to crash and stop responding to further requests. Within the "/cgi-bin/" directory of the administrative web interface exists a file called "firmwarecfg". This file is used for firmware upgrades. A HTTP POST request for this file causes the web server to hang. The web server will stop responding to requests and the administrative interface will become inaccessible until the router is physically restarted.
The Netgear DG632 router has a web interface which runs on port 80. This allows an admin to login and administer the device's settings. Authentication of this web interface is handled by a script called 'webcm' residing in '/cgi-bin/' which redirects to the relevant pages depending on successful user authentication. Vulnerabilities in this interface enable an attacker to access files and data without authentication.
A SQL injection vulnerability exists in phpCollegeExchange 0.1.5c. An attacker can send a specially crafted HTTP request to the listing_view.php script with the itemnr parameter set to null union all select 1,2,3,concat(email,0x3a,0x3a,0x3a,password),5,6,7,8,9,10 from users-- to execute arbitrary SQL commands and gain access to sensitive information.
A SQL injection vulnerability exists in the Photoracer plugin for Wordpress. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the viewimg.php script with the id parameter set to a malicious SQL query. This can allow the attacker to gain access to sensitive information from the database.
This exploit is related to a blind SQL injection vulnerability in the Joomla Component com_ijoomla_rss. The vulnerability is caused due to the improper sanitization of user-supplied input to the 'cat' parameter in the 'index.php' script. This can be exploited to inject and execute arbitrary SQL commands via a specially crafted HTTP request.
A null pointer is being dereference when CFRelease() is called on NULL, which causes the browser to crash and data to be lost.
A vulnerability exists in Evernew Free Joke Script 1.2 which allows an attacker to remotely change the password of the admin. This is due to the lack of input validation in the change.php file in line 10, where the $result variable is set to mysql_query without any input validation. This can be exploited to inject malicious SQL commands which can be used to change the password of the admin.
This exploit is a Denial of Service (DoS) attack against LinkLogger 2.4.10.15. It sends 20,000 packets to the destination IP from a spoofed source IP, which overwhelms the program and shuts down the port. The exploit was coded by Mike Cyr, aka h00die, and was tested against 2.4.10.15. Vendor notification was sent on 4/13/09, and vendor acknowledgement was received on 4/14/09. Vendor was unable to run the DoS code successfully on 5/11/09, and instructions and a video on how to install all needed modules and run the exploit successfully were sent on 5/12/09. The exploit was sent to milw0rm and security focus on 6/13/09.
AdaptWeb 0.9.2 is vulnerable to both Local File Inclusion and SQL Injection. The Local File Inclusion vulnerability can be exploited by sending a specially crafted HTTP request containing directory traversal characters to the vulnerable script. The SQL Injection vulnerability can be exploited by sending a specially crafted HTTP request containing malicious SQL statements to the vulnerable script.
Elvin BTS suffers from a lot of vulnerabilities, including SQL Injection, Local File Inclusion, SQL Injection Login Bypass, Cross-Site Scripting, Cross-Site Request Forgery, and Source Code Disclosure. The vulnerable code is present in show_bug.php, show_activity.php, and login.php. PoCs are provided for each vulnerability.
Services By CQR