httpdx <= 0.5b is vulnerable to multiple remote DOS, in both HTTP and FTP server. For FTP DOS, httpdx FTP crashed by multiple ways, due to BOF in many commands (USER, PASS, CWD, ...). For HTTP DOS, httpdx crashed by sending a special HTTP request: 'GET / HTTP/1.1Host: '. The POC for FTP DOS is a python script and the POC for HTTP DOS is an echo command.
A vulnerability exists in OnlineRent v5.0 which allows an attacker to inject arbitrary SQL commands via the 'pid' parameter in the 'index.php' script. An attacker can exploit this vulnerability to gain access to the database and extract sensitive information such as user credentials. The vulnerable parameter is 'pid' and the vulnerable script is 'index.php'. An example of the exploit is http://[TARGET]/[Path]/index.php?custom_language=turkish&user=detaliespopupcondrent&pid=1 AND 1=0 %75%6E%69%6F%6E SELECT 1,concat_ws(0x3e,user,password,email),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17 FROM admin--
A vulnerability in the PHP Dir Submit application allows an attacker to bypass authentication and gain access to the administrative panel. This is done by entering ' or '1=1 as the username and password.
pc4arb - pc4 Uploader version 9.0 and below is vulnerable to Blind SQL Injection. An attacker can exploit this vulnerability to gain access to sensitive information such as usernames and passwords stored in the database. The vulnerability exists due to the lack of proper input validation in the 'load' and 'id' parameters of the 'code.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request with malicious SQL statements to the vulnerable script. This can be done by setting the 'tempst' cookie to 'qabandi' and then sending a specially crafted HTTP request with malicious SQL statements to the vulnerable script.
An attacker can exploit this vulnerability by accessing the webblogmanager.mdb file located in the databases directory of the vulnerable application. This file contains the database information of the application.
Buffer overflow is a vulnerability in which an attacker sends more data than the allocated buffer size, causing the program to crash or execute malicious code.
A remote SQL injection and XSS vulnerability exists in the 2daybiz.com Custom T-shirt Design script. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server. This can allow the attacker to execute arbitrary SQL commands on the underlying database and inject malicious JavaScript code into the application.
Audioactive Player 1.93b is vulnerable to a local buffer overflow vulnerability when processing specially crafted .m3u files. This vulnerability can be exploited by an attacker to execute arbitrary code on the vulnerable system. The vulnerability is caused due to a boundary error when processing the 'http://' string in the .m3u file. This can be exploited to cause a stack-based buffer overflow by supplying a specially crafted .m3u file with an overly long 'http://' string. This can be exploited to overwrite the SEH handler and execute arbitrary code.
Rama Zaitan Cms versions 0.9.5 to 0.9.8 are vulnerable to Local File Inclusion. An attacker can exploit this vulnerability to include arbitrary files from the local system and execute arbitrary code on the vulnerable system.
Harland Scripts 11 Products are vulnerable to Remote Command Execution. The vulnerable scripts are Traffic Click 4 Cash Script, Get A Date Script, Birthsake Keepsake, FFA, TShirt Rental Script, Mug Rental script, Top Hits, Recipe 6.0, Link Lister Traffic System, Link Back Checker Service Script and AD PHP Script. Some of these scripts are also vulnerable to SQL Injection and Arbitrary File Upload (Auth bypass).
Services By CQR