Uguestbook 1.0 is vulnerable to an arbitrary database disclosure vulnerability. An attacker can exploit this vulnerability to gain access to the database and view its contents. The vulnerability is due to the application not properly validating user-supplied input before using it to construct a path to the database. An attacker can exploit this vulnerability by sending a malicious HTTP request to the vulnerable application. This will allow the attacker to view the contents of the database.
A buffer overflow vulnerability exists in Bmxplay 0.4.4b when a specially crafted .BMX file is opened. An attacker can exploit this vulnerability to execute arbitrary code in the context of the application. The vulnerability is due to insufficient boundary checks when processing the .BMX file. A specially crafted .BMX file can cause a stack-based buffer overflow, overwriting the return address and allowing arbitrary code execution.
When a long string is passed to the server, it checks for buffer overflow type attacks and answers with a '<SMTP> Buffer overflow: DOS attack?' after 25 requests (more or less). An attacker can exploit this issue to trigger denial of service conditions. In case of successful exploitation of this vulnerability, the server will answer to requests with '<SMTP> 421 Service not available'
Million Dollar Text Links 1.0 is vulnerable to an authentication bypass vulnerability. An attacker can access the admin.home.php page without authentication by accessing the admin.php page first.
An attacker can exploit this vulnerability by setting the cookie values for login_id, group_id, login_name, user_id and user_type to gain access to the admin panel. The attacker can then use the admin panel to perform malicious activities.
eLitius v1.0 is vulnerable to an arbitrary file upload vulnerability due to improper validation of the MIME-Type of the uploaded file. This allows an attacker to upload a malicious file and execute arbitrary commands on the server.
This PoC creates a file named 'sirgod.m3u' with 1337 characters of 'A' which can be used to exploit a buffer overflow vulnerability in EW-MusicPlayer0.8.
BluSky CMS is prone to a remote SQL injection vulnerability. An attacker can exploit this issue to manipulate SQL queries and gain access to sensitive information that may aid in further attacks. This issue affects the 'news_id' parameter in the 'index.php' script when 'news_act' is set to 'read'. An attacker can exploit this issue to gain access to the application's database, potentially compromising the application and any data made available through it.
A Cross-Site Scripting (XSS) vulnerability exists in AGTC MyShop v3.2b. An attacker can inject malicious JavaScript code into the 'log_accept' cookie, which is then executed in the browser of the victim when the vulnerable page is accessed.
This exploit is a proof-of-concept (PoC) code for a local denial of service (DoS) vulnerability in Solaris 10 and OpenSolaris. The vulnerability is caused due to an error in the kernel when handling fasttrap probes, which can be exploited by local attackers to crash the system.
Services By CQR