Mereo v1.9.2 is vulnerable to a remote denial of service attack. An attacker can send a specially crafted HTTP request with a large number of 'X' characters to crash the server. This vulnerability affects Mereo v1.9.2 and earlier versions.
GuestBookPlus Script PHP is vulnerable to HTML Injection. An attacker can inject malicious HTML code into the name and body of a comment, which will be executed when the comment is viewed. This can be used to redirect users to malicious websites, or to execute malicious JavaScript code.
A SQL injection vulnerability exists in seagull-0.6.7 and earlier versions. An attacker can send a specially crafted HTTP request to the vulnerable application to exploit this vulnerability. The POST variable frmQuestion has been set to 1' and the PoC is http://server/index.php/user/password/?action=retrieve&frmEmail=111-222-1933email@address.tst&frmQuestion=1'[SQLI]&frmAnswer=111-222-1933email@address.tst&submitted=retrieve
A remote file inclusion vulnerability exists in CF Image Hosting Script version 1.3.8. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing an arbitrary file path to the vulnerable application. This can allow an attacker to execute arbitrary code on the vulnerable system.
Multiple Remote File Inclusion (RFI) vulnerabilities have been discovered in Multi-lingual E-Commerce System 0.2. An attacker can exploit these vulnerabilities by sending a maliciously crafted HTTP request to the vulnerable server. This can allow the attacker to execute arbitrary code on the vulnerable server.
Add a new comment; the exploit goes in the Name field. For HTML Injection, use <meta http-equiv="refresh" content="0;url=http://sa-virus.com/" /> and for XSS, use <script>alert('MiND - Sa-ViRuS.CoM')</script>.
Go to http://[localhost]/path/register.php. Assuming the forum admin user name is ADMIN, type ADMIN� in the User Name field (� is an ASCII code), complete the other parameters, then click Complete Registration. Your user name now looks like the admin user name, and from this point on the private messages sent to the user ADMIN are delivered to you.
SnackAmp 3.1.2 is vulnerable to a buffer overflow triggered by a malicious SMP file. By sending a specially crafted SMP file, an attacker can overwrite the SEH and execute arbitrary code. The exploit code is written in Ruby and contains a payload of 144 bytes that executes the calc.exe program. The payload is encoded using the x86/shikata_ga_nai encoder.
This exploit is for nginx versions <= 0.6.38 and <= 0.7.61. It is written and tested against BT4, an Intel x86 setup. The exploit requires knowledge of the offset and pad to gain control of execution flow. To verify the exploit, launch nginx, attach GDB to the worker and target it with the exploit, setting the offset to 0. When the worker gets a SIGSEGV, it will be on a line which looks like 'if (ctx->offset)'; at that point type 'p *r'. The r data structure contains a few different fields, one of which is a buffer that contains 'GET //../Aa0'. Add 131 to the pointer value of that buffer and set the last octet to 00.
A vulnerability in the CF Image Hosting script version 1.3 allows an attacker to view the settings.cdb file which contains sensitive information such as the database username and password. This vulnerability is due to the fact that the settings.cdb file is stored in the upload/data directory which is accessible to the public.