
Explore Vulnerabilities


Explore all Exploits:

InterPhoto Gallery Multiple Remote Vulnerabilities

InterPhoto Image Gallery is an open-source, easy-to-use, advanced, professional multi-user image website system that is meant to protect the images of your site. InterPhoto can be used to build all kinds of sites that mainly display images, such as design, fashion, exhibition, photography and painting sites. InterPhoto allows registered users to upload images. An InterPhoto user can upload a PHP webshell in the following way: log in in user mode, go to 'Publish Image', select a file for upload, fill in the other required fields and submit. Using a Tamper Data type tool (WebScarab, Paros, ...), trap the request and change the value of the 'Content-Type' field to 'image/jpeg'.

Micronetsoft RV Dealer Website SQLi Vulnerability

A SQL injection vulnerability exists in Micronetsoft RV Dealer Website, which allows an attacker to execute arbitrary SQL commands on the underlying database. The vulnerability is due to insufficient sanitization of user-supplied input in the 'ad_ID' and 'vehicletypeID' parameters of the 'detail.asp' page. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL commands to the vulnerable page. This may allow the attacker to gain unauthorized access to sensitive information stored in the database.

DMXReady Members Area Manager Persistent XSS

DMXReady Members Area Manager is vulnerable to persistent XSS. An attacker can inject malicious JavaScript code in the "Username" field of the login page. When a user visits the page, the malicious code will be executed in the user's browser. This can be used to steal the user's session cookie and hijack the user's session.

Article Directory (sbiz_id) Blind SQL Injection Vuln

The vulnerability exists in the Article Directory script, which allows an attacker to inject malicious SQL queries via the 'sbiz_id' parameter in the 'article_details.php' script. An example of exploiting this vulnerability is by sending a request with the 'sbiz_id' parameter set to '13 and substring(version(),1,1)=4' to check if the version of the database is 4, and if it is not, sending a request with the 'sbiz_id' parameter set to '13 and substring(version(),1,1)=5' to check if the version of the database is 5.

Virtual DJ Trail 6.1.2 SEH Buffer Overflow Crash POC

This exploit is a proof-of-concept for a buffer overflow vulnerability in Virtual DJ Trail 6.1.2. The vulnerability is triggered when a specially crafted .m3u file is opened, causing a crash. The exploit code creates a .m3u file with a header and a large amount of junk data, which causes the application to crash when opened.

DMXready Polling Booth Manager SQLi Vulnerability

DMXReady Polling Booth Manager is a quick and fun way to make your website more interactive. It keeps all your web content fresh, and is a great way to find out what your visitors think. However, it contains a SQL injection vulnerability which allows an attacker to execute arbitrary SQL commands on the underlying database.

Joomla Component Clantools version 1.2.3 Multiple Blind SQL Injection Vulnerability

Multiple Blind SQL Injection vulnerabilities exist in Joomla Component Clantools version 1.2.3. The first vulnerability is located in the 'squad' parameter of the 'index.php' file when passing malicious SQL commands to the 'option=com_clantools' module. The second vulnerability is located in the 'task=clanwar' parameter of the 'index.php' file when passing malicious SQL commands to the 'option=com_clantools' module. Successful exploitation of these vulnerabilities can result in unauthorized access to the application and the underlying database.

Recent Exploits: