An attacker can exploit this vulnerability by sending a crafted HTTP request containing malicious SQL/XPath injection payloads to the vulnerable GuppY v4.5.18 application. This can allow the attacker to gain access to sensitive information stored in the back-end database.
TFTPGUI is vulnerable to a buffer overflow when sending an overly long transport mode string. This can be exploited to cause a denial of service condition by crashing the application.
A remote SQL injection vulnerability exists in WHMCS control 2. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server. This can allow the attacker to gain access to sensitive information such as usernames, passwords, and other confidential data stored in the database.
Acritum Femitter Server v1.03 is an HTTP and FTP server for Windows. A source disclosure vulnerability allows even some files like .html to be downloaded by putting '.' at the end of the file. A directory traversal vulnerability allows access to the C Dir if the Femitter Server is installed in 'Program Files'. The 403 Forbidden error can be bypassed by adding hex and a '%<file.type>' at the end.
The DJ-Classifieds extension allows users to add text advertisements into thematic categories, assigning images and descriptions to them. An attacker can exploit this vulnerability by uploading a malicious shell after changing the extension of the shell to .img, .gif or .bmp. The description part is also vulnerable. Once the evil script has been uploaded successfully, it can be used to attack.
A vulnerability exists in the Mesut Manşet Haber V1.0 web application which allows an attacker to bypass authentication and gain access to the admin panel. The vulnerability is located in the admin/admin_haber.asp or admin/admin_haber.asp?islem=ekle_kaydet page, which can be accessed directly without authentication. Successful exploitation of this vulnerability could result in unauthorized access to the admin panel.
This exploit is a local crash exploit for Google Chrome version 4.1.249.1064 and prior. It causes the browser to crash when a webpage with a malicious script is opened. The malicious script creates an array of 1000 elements and then writes it to the page, causing the browser to crash.
Opencimetiere 2.01 Multiple Remote File Include Vulnerability is a high severity vulnerability with CVSS 10.0. It was discovered by cr4wl3r in 2009. The vulnerability is related to CVE-2009-4010 and CWE-94. The mitigation for this vulnerability is to upgrade to the latest version of Opencimetiere. A patch exists for this vulnerability. The affected versions are from 2.01 to 2.01. The CPE is cpe:/a:opencimetiere:opencimetiere:2.01. The vendor is Opencimetiere and the product name is Opencimetiere. The platforms tested for this exploit are Windows and Linux.
A vulnerability in Opencatalogue 1.024 allows an attacker to include a local file on the server, potentially allowing for remote code execution.
The vulnerability exists due to insufficient sanitization of user-supplied input in the 'index.php?option=com_grid&gid=15_ok_0', '15_ok_0&data_search' and 'index.php?option=com_grid&gid=15_ok_0', '15_ok_0?data_search=&rpp' parameters. A remote attacker can execute arbitrary HTML and script code in a browser in the context of the vulnerable website.