An attacker may direct the user to visit a specially crafted webpage that can lead the Safari browser on iPhone & iPod Touch running iPhone OS 3.1.3 to freeze and finally crash. The attacker can modify the PoC to run arbitrary code on the device.
An attacker can exploit this vulnerability by sending a maliciously crafted SQL query to the vulnerable application. This can be done by appending the malicious query to the vulnerable parameter in the URL. This can allow an attacker to gain access to sensitive information such as usernames, passwords, and emails.
A SQL injection vulnerability exists in the Joomla component dcsFlashGames, which allows an attacker to execute arbitrary SQL commands via the 'catid' parameter in an 'index.php' request. This vulnerability affects version 2.0RC1 and prior versions.
WebSiteBaker 2.8.1 is vulnerable to a DataBase Backup Exploit. An attacker can exploit this vulnerability by sending a malicious request to the backup-sql.php file, which allows the attacker to backup all tables in the database or only WB-specific tables.
This exploit is used to gain access to the SiteX CMS 0.7.4 beta system by exploiting a SQL injection vulnerability in the /photo.php script. The exploit requires Magic_quotes to be set to off and will return the username and password of the first user in the database.
An insecure method was found in the SAPBExCommonResources (class BExGlobal) ActiveX control component, which is part of SAP GUI. One of the methods (Execute) can be used to execute files on the user's system. An attacker can construct an HTML page that calls the vulnerable function 'Execute' from the ActiveX object BExGlobal.
Cisco TFTP Server v1.1 is vulnerable to a remote denial of service attack. The attack involves sending a specially crafted packet to the server, which causes it to crash. The attack was discovered by _SuBz3r0_ and tested on French Windows XP SP3 and Windows 2003.
eDisplay Personal FTP server 1.0.0 is vulnerable to a stack-based buffer overflow when an overly long string is sent to the RMD command. An attacker can exploit this vulnerability to execute arbitrary code in the context of the application.
justVisual 2.0 is vulnerable to Local File Inclusion (LFI). The vulnerability is caused by the use of unsanitized user-supplied input in the 'p' parameter of the 'index.php' script. An attacker can exploit this vulnerability to include arbitrary local files from the web server and execute arbitrary PHP code.
Easy-Clanpage is vulnerable to a SQL injection vulnerability in the 'id' parameter of the 'user' section. An attacker can exploit this vulnerability to gain access to sensitive information such as usernames, passwords, and emails. The exploit can be triggered by sending a specially crafted HTTP request to the vulnerable application.