Text Exchange Pro is a unique PHP script for running your own text link exchange system. A local file inclusion vulnerability exists in the index.php page of the application, which allows an attacker to read sensitive files from the server.
Ad Manager Pro is vulnerable to SQL Injection and Cross-Site Scripting. An attacker can inject malicious code into the vulnerable parameters of the application and execute it in the user's browser. The vulnerable parameters are username, password, image_control, and email.
A buffer overflow vulnerability exists in Wireshark versions 1.8.2 and 1.6.0. An attacker can exploit this vulnerability by sending a maliciously crafted string to the Remote Interface function of Wireshark. This will overwrite the EAX, ECX, EDX, and EBX registers, allowing the attacker to gain access to EIP.
WebPA v1.1.0.1 has an arbitrary file upload vulnerability. An attacker can upload a malicious PHP file to the web server and execute arbitrary commands on the system. This vulnerability can be exploited by sending a specially crafted POST request with malicious PHP code in the filename parameter.
Local File Inclusion (LFI) is the process of including files on a server through the web browser. This vulnerability occurs when a page include is not properly sanitized, allowing directory traversal characters to be injected.
LetoDMS is an open-source document management system based on PHP and MySQL, published under the GPL. There is a Reflected XSS vulnerability in the Login Page, a Stored XSS vulnerability in the Document Owner/User name (when viewing a user document), and a Stored XSS vulnerability in the Calendar. There is also a Change Password CSRF vulnerability.
This exploit allows a remote attacker to execute arbitrary code on a vulnerable server running Vice City Multiplayer. The exploit is triggered by sending a specially crafted packet to the server. The packet contains a buffer of 0x49 bytes followed by a pointer to the shellcode and the shellcode itself. The shellcode executes the calc.exe program.
This module exploits a file upload vulnerability found in XODA 0.4.5. Attackers can abuse the "upload" command in order to upload a malicious PHP file without any authentication, which results in arbitrary code execution. The module has been tested successfully on XODA 0.4.5 and Ubuntu 10.04.
This module exploits a command injection vulnerability found in E-Mail Security Virtual Appliance. This module abuses the learn-msg.cgi file to execute arbitrary OS commands without authentication. This module has been successfully tested on the ESVA_2057 appliance.
OpenDocMan is vulnerable to CSRF, which allows an attacker to change a user's password and profile details. To change user details, the attacker must know the user id; for example, the default id for the 'admin' user is 1. The victim must be logged in while clicking the malicious link.