Injecting arbitrary HTML and Java Script code is possible while adding a new shout, no matter if HTML is allowed in the shoutsettings.php or not.
A Joomla 1.5 component for advertising items in a 'classified ads' style is vulnerable to a Local File Inclusion vulnerability. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing directory traversal characters (e.g. '../') to the vulnerable application. This will allow the attacker to read arbitrary files from the server.
An attacker can exploit this vulnerability by sending a specially crafted SQL query to the vulnerable application. This can allow the attacker to gain access to sensitive information stored in the database, such as usernames and passwords.
Two vulnerabilities were discovered within in the Samba Smbd daemon which allow an attacker to trigger a null pointer dereference or an uninitialized variable read by sending a specific 'Sessions Setup AndX' query. Successful exploitation of these issues will result in a denial of service.
WFTPD 3.30 is vulnerable to multiple remote vulnerabilities. It is possible to exploit the vulnerability by providing the hostname, username, password, port, option and directory as arguments.
This exploit is meant to be run as php CLI and is used to exploit a SQL Injection vulnerability in IPB 3.0.1. It has features such as fetching algorithm optimized for speed, attack going through $_POST, pretesting to save time, curl extension autoloading, and log format compatible with passwordspro.
Admin login bilgileri alinabilir. Demo Vuln: http://[site]/fixed_page.asp?id=[SQL Inj.], User Exploit:null+union+all+select+1,username+from+adminpassword, Password Exploit:null+union+all+select+1,pw+from+adminpassword
zervit HTTP Server v0.4 is a Windows based HTTP server. This is the latest version of the application available. zervit HTTP Server is vulnerable to remote directory traversal attacks. Other traversal bugs have been released for this server but this can be done from a browser, no need for Host headers.
zervit HTTP Server v0.4 is a Windows based HTTP server. This is the latest version of the application available. zervit HTTP Server is vulnerable to common remote source disclosure attacks.
miniwebsvr v0.0.10 is a Windows based HTTP server. This is the latest version of the application available. miniwebsvr v0.0.10 is vulnerable to remote directory traversal attacks. The two vulnerabilies could be used together for directory walking.
Services By CQR