When a user starts an FTP connection to a remote host using the client version 0.17-19build1, issuing the ACCT command after login with a long string (128 bytes) as the first argument causes a buffer overflow crash.
This module exploits a stack-based buffer overflow in EasyFTP Server 1.7.0.11. Credit goes to Karn Ganeshan.
A SQL injection vulnerability exists in the Joomla Component com_iproperty. The vulnerable parameter is the 'id' parameter in the 'index.php?option=com_iproperty&view=agentproperties&id=[SQL]' URL. An attacker can inject malicious SQL code into the 'id' parameter to gain access to sensitive information stored in the database. An example of the exploit is 'http://www.victime.com/index.php?option=com_iproperty&view=agentproperties&id=-999999/**/union/**/all/**/select/**/1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,group_concat(username,char(58),password)v3n0m/**/from/**/jos_users--'
A SQL injection vulnerability exists in the Joomla Component com_huruhelpdesk. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. This can allow the attacker to gain access to sensitive information from the database, such as usernames and passwords.
A vulnerability exists in the Joomla Component com_golfcourseguide, which allows an attacker to inject arbitrary SQL commands. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code in the 'id' parameter in an 'index.php' call. This can be used to bypass authentication and gain access to the application.
A clickjacking vulnerability exists in Firefox 3.6.7 and SeaMonkey 2.0.6. An attacker can use this vulnerability to trick a user into clicking on a malicious link by hiding it behind a legitimate link. This can be done by using a transparent layer over the legitimate link and making it appear as if the user is clicking on the legitimate link.
A SQL injection vulnerability exists in PhotoPost PHP versions 4.0 - 4.6. An attacker can exploit this vulnerability by appending malicious SQL queries to the 'cat' parameter in the URL sent to the vulnerable application.
Ready to Launch Website Package for your matrimony, matchmaking, marriage Bureau Dating Website in PHP - New Shaadi.com clone Software. The site uses PHP 4 or above for a powerful dynamic and scalable website. A Readymade Shaadi Website with Chat, Banners, Google Adsense and more... An attacker can upload arbitrary files as images by exploiting the vulnerability in the member_photo.php file.
The vulnerability exists in the LILDBI software version 1.2. An attacker can upload a malicious shell to the vulnerable server by accessing the uploader.php page. The malicious shell can be uploaded to the files directory of the vulnerable server.