This exploit targets a buffer overflow vulnerability in the Belkin Bulldog Plus HTTP Server. It allows an attacker to execute arbitrary code on the vulnerable system by sending a specially crafted HTTP request. The vulnerability is caused by a boundary error when handling the 'username' parameter in the '/login.rsp' script. This can be exploited to cause a stack-based buffer overflow by sending an overly long string in the 'username' parameter.
A vulnerability in Teraway LinkTracker V1.0 allows an attacker to change the password of any user. This is due to a lack of authentication when changing the password. An attacker can exploit this vulnerability by sending a malicious request to the vulnerable server.
An attacker can exploit this vulnerability by setting a malicious cookie with the admin credentials. The attacker can then access the admin panel by visiting the start.asp page.
An attacker can exploit this vulnerability by setting a cookie with the name 'twFSadmin' and value '1' and then accessing the menu.asp page. This will grant the attacker administrative privileges.
An attacker can exploit this vulnerability by setting a malicious cookie with the 'twLTadmin' parameter. The cookie should contain the userid and the level of the user. The attacker can then access the menu.asp page with the privileges of the user.
A vulnerability in Flatchat 3.0 allows an attacker to include a file from a remote server via a URL in the 'with' parameter in pmscript.php. This can be exploited to execute arbitrary PHP code by including files from external resources that contain malicious code.
ECSHOP 2.5.0 is vulnerable to SQL injection. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. This can allow the attacker to gain access to the database and execute arbitrary SQL commands.
A proof-of-concept (PoC) exploit for a local file inclusion vulnerability in Thickbox Gallery v2 was published. The vulnerability is triggered when a maliciously crafted URL is sent to the vulnerable server. This URL contains a crafted parameter that can be used to include a file from the local file system, such as BOOTSECT.BAK.
DEW-NEWphpLinks 2.0 is vulnerable to Local File Inclusion and Cross-Site Scripting. An attacker can exploit these vulnerabilities to gain access to sensitive information and execute malicious scripts in the browser of the victim.
This exploit shuts down the iodined daemon using a forged DNS packet. It works on the last Debian stable version (0.4.2-2). It produces a segmentation fault on the daemon side.