This exploit causes a denial of service in TYPSoft FTP Server version 1.10. It sends two RETR commands with a buffer of 0x41 to the server, causing it to crash.
The variable $preview isn't declared in the file blocks-edit.php, so it's exploitable from the url for example. http://localhost/blocks-edit.php?preview=1&name=../../../../../../../etc/passwd%00. Like the variable $name isn't declared, it's exploitable for a XSS from the url. http://localhost/blocks-edit.php?preview=1&name=[XSS]. The variables $description, $addblock, $name and $wantedname aren't declared, so it's exploitable from the url for example. http://localhost/blocks-edit.php?addnew[0]=1&addblock_1=../../../../../../../etc/passwd%00&wantedname_1=../../../../../../../etc/passwd%00&wanteddescription_1=../../../../../../../etc/passwd%00
A SEH overflow vulnerability exists in Digital Music Pad Version 8.2.3.4.8. An attacker can exploit this vulnerability to execute arbitrary code by sending a specially crafted .pls file. The vulnerability is due to the application not properly validating the length of user-supplied input before copying it to a fixed-length buffer. An attacker can exploit this vulnerability to execute arbitrary code by sending a specially crafted .pls file.
An attacker can exploit this vulnerability by sending a malicious SQL query to the vulnerable parameter 'id' in the 'user.php' file. The malicious query will allow the attacker to extract sensitive information from the database such as user emails and passwords.
LoveCMS 1.6.2 is vulnerable to CSRF Code Injection. An attacker can inject malicious code into the vulnerable application by sending a crafted request to the vulnerable application. This can be exploited to execute arbitrary code on the vulnerable system.
PHP-AddressBook v6.2.4 is vulnerable to SQL injection. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server. This can allow the attacker to gain access to sensitive information such as the database name, user name, and other information stored in the database. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'group_name' parameter of the 'group.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing a maliciously crafted SQL query to the vulnerable server. This can allow the attacker to gain access to sensitive information stored in the database.
An attacker can exploit this vulnerability by sending a malicious SQL query to the vulnerable parameter 'chid' in the 'channel_detail.php' script. This can allow the attacker to gain access to the database and extract sensitive information such as usernames and passwords.
User can execute arbitrary JavaScript code within the vulnerable application. BBcode isn't properly sanitized. This can be used to post arbitrary script code. The vulnerability exists due to failure in the "/index.php" script to properly sanitize user-supplied input in "f" variable, it's possible to generate an error that will reveal the full path of the script.
A vulnerability in News Script PHP Pro (fckeditor) allows an attacker to upload arbitrary files to the server. The vulnerability exists due to insufficient validation of the file type in the 'uploadtest.html' script. An attacker can upload a malicious file to the server and execute arbitrary code.
Remote attackers can gain sensitive information about a DD-WRT router and internal clients, including IP addresses, MAC addresses and host names. This information can be used for further network attacks as well as very accurate MAC address geolocation. This is exploitable even if remote administration is disabled.
Services By CQR