A vulnerability in Nakid CMS 0.5.2 allows an attacker to execute arbitrary code by sending a maliciously crafted request to the upload_photo.php script.
A boundary condition error in the SasCam HTTP server allows an attacker to terminate the server process remotely. Affected versions are 2.65,2.7 and lower. No fix is available.
IISWorks FileMan is an .asp-based web interface meant to simplify the process of uploading, downloading, and otherwise managing files on a server. The script uses an unencrypted Microsoft Access database file for user and permissions administration. If 'Read' permissions are not revoked in IIS on the /Database folder, the user db will be directly downloadable. The FileMan diags.asp installation verification script does not check for this permission setting.
Acuity CMS is an affordable, very easy to use CMS offering a rich set of features despite its low price point. Advanced WYSIWYG editing (using Acuity Visual Editor), code cleaning, menu management, integrated search, and more. Free online demo available. Code: ASP 3.0 & VBScript. The vulnerability is a SQLi vulnerability which can be exploited by sending a malicious request to the server. The demo URL is http://server/article.asp?page=[sqli]
The vulnerability exists due to insufficient filtering of user-supplied data in the "id" parameter of the "restaurant.php" script. A remote attacker can send a specially crafted request to the vulnerable script and execute arbitrary SQL commands in application's database.
This website allows you to charge the restaurant owners a fixed amount per year of a listing. It also gives you the option to offer basic listings (ones without pictures, opening hours etc) for free. A demo URL is provided which shows the SQLi vulnerability. The exploit is demonstrated by appending a SQLi payload to the URL.
Smart ASP Survey is prone to an SQL injection vulnerability and a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit these issues to manipulate SQL queries, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. An attacker can also exploit this issue to execute arbitrary HTML and script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
A buffer overflow vulnerability exists in File Sharing Wizard Version 1.5.0 build on 26-8-2008, which allows an attacker to control the value of the EAX register. By sending a specially crafted HTTP request with a large Content-Length header, an attacker can overwrite the value of the EAX register, which can lead to arbitrary code execution.
Code was generated utilizing a custom fuzzer, PoC creates an Access Violation when writing to memory.
Impact PDF Reader v2.0 and prior program versions are vulnerable to a remote denial of service attack. An attacker can send a specially crafted POST request with a content length of 3 to the target application, causing it to crash.
Services By CQR