A SQL injection vulnerability exists in Maxcms 2.0. An attacker can send a specially crafted HTTP request to the vulnerable application in order to execute arbitrary SQL commands in the back-end database. This can potentially result in the manipulation or disclosure of application data.
LightOpenCMS is vulnerable to SQL Injection. An attacker can exploit this vulnerability by sending a crafted HTTP request with malicious SQL statements to the vulnerable application. This can allow the attacker to gain access to sensitive information from the database.
This exploit sends a malicious request with 330 '//.' characters to the target server, causing it to crash.
This exploit is a proof of concept for a buffer overflow vulnerability in Zervit webserver 0.04. It sends a request with a large number of 'A' characters to the target server, which causes the server to crash.
In dtls1_process_out_of_seq_message() the check if the current message is already buffered was missing. For every new message was memory allocated, allowing an attacker to perform an denial of service attack with sending out of seq handshake messages until there is no memory left.
This exploit uses a SQL injection vulnerability that exists in the DANA Portal ASP version. The exploit updates the admin password (SHA1 + Salt) with the word 'hacked'. This exploit is for educational purposes only.
The Douran Portal is vulnerable to a file download vulnerability due to improper validation of user-supplied input. An attacker can exploit this vulnerability by sending a specially crafted request to the vulnerable application. This can allow an attacker to download any file from the web server, including sensitive files such as web.config, which can contain database credentials and other sensitive information.
httpdx is vulnerable to a buffer overflow when an overly long string is sent as the USER argument. This can be exploited to execute arbitrary code by sending a specially crafted string to the vulnerable server.
Flyspeck CMS 6.8 is vulnerable to a local file inclusion vulnerability. An attacker can exploit this vulnerability to include arbitrary files from the local system. This can be exploited to gain access to sensitive information or to execute arbitrary code on the vulnerable system.
Coppermine Foto Gallery suffers from different vulnerabilities. There is a Local File Inclusion and a Blind SQL Injection working with register_globals = On and magic_quotes_gpc = Off and a SQL Injection working in case of registration is enabled and a user can create/modify albums (default setting if registration is enabled) and php.ini regardless and a Blind SQL Injection when is enabled the ecard logging system (that is not a default configuration) and php.ini regardless. Is possible to bypass the anti-register_global protection and obtain a blind sql injection or a local file inclusion.
Services By CQR