A stack overflow vulnerability exists in mpegable Player 2.12 when processing a specially crafted YUV file. An attacker can exploit this vulnerability to execute arbitrary code in the context of the application.
This particular PHP script, named 'download.php', can be tricked into allowing a remote attacker to download all kinds of files, such as .php, .txt, etc. This can be achieved by adding a null byte followed by an allowed extension, e.g.: http://www.site.com/download.php?f=/path/file.php%00.jpg
S-Cms 1.1 Stable is vulnerable to Local File Inclusion (LFI). An attacker can exploit this vulnerability to include a local file on the web server. This can be exploited to disclose sensitive information, execute arbitrary code, and perform unauthorized actions.
ProjectCMS v1.0 Beta Final is vulnerable to SQL injection. Attackers can exploit this vulnerability to gain access to the database and execute arbitrary SQL commands.
This exploit allows an attacker to read arbitrary files on the vulnerable server. It is triggered by sending a specially crafted HTTP request to the vulnerable server. The exploit was tested on Baby Web Server 2.7.2.0.
This exploit allows an attacker to access arbitrary files on a vulnerable Quick 'n Easy Web Server 3.3.5 system. The attacker can send a specially crafted HTTP request containing directory traversal characters (../../) to the vulnerable server, which will then return the contents of the requested file. This vulnerability is due to the lack of proper input validation in the application.
Autodesk IDrop is vulnerable to remote code execution. An attacker can exploit this vulnerability by sending a maliciously crafted request to the IDrop service. This vulnerability affects Autodesk IDrop versions prior to 2.2.1.
Multiple remote SQL injection vulnerabilities exist in MIM:InfiniX v1.2.003. An attacker can exploit these vulnerabilities to gain access to sensitive information stored in the database, modify data, execute system commands, and even gain access to the underlying server.
A vulnerability in VisionLMS 1.0 allows an attacker to remotely change the password of any user. The vulnerability is due to insufficient validation of user-supplied input in the 'Password' parameter of the 'changePW.php' script. An attacker can exploit this vulnerability by sending a malicious request to the vulnerable script. Successful exploitation will result in the attacker being able to change the password of any user.
Go to http://127.0.0.1/[path]/admin.inc.php to find the admin username and password. Example: login=admin pass=admin