This exploit is a proof of concept for a buffer overflow vulnerability in Smart PC Recorder .MP3. The exploit creates a malicious .mp3 file with a single character of 'A' which causes the application to crash when opened.
The problem is in the management of the bad chars that can be used to launch some attacks, such as the directory traversal. The path traversal sequence ('../') is not checked, so it can be used for seeking the directories of the affected system.
This PoC will disconnect the affected target IRC server using a NULL Pointer vulnerability.
A vulnerability exists in the SMEStorage Joomla component which allows an attacker to include local files on the server. This is done by sending a specially crafted HTTP request to the vulnerable server. The attacker can then include any file on the server, such as configuration files, source code, etc.
With this exploit, an attacker can edit/delete/create records in the database, create new admin accounts and view all the users and passwords.
Property is a new Real Estate component 100% FREE native Joomla 1.5. compatible with sh404sef and joomfish. An attacker can exploit this vulnerability by sending a crafted HTTP request containing malicious input to the vulnerable application. This can allow the attacker to include a file from the local system which can lead to the disclosure of sensitive information.
CMS Zephyrus is vulnerable to a SQL injection vulnerability in the index.php file. An attacker can exploit this vulnerability by sending a malicious SQL query to the vulnerable parameter 'id' in the 'index.php?pagina=news&id=' URL. This can allow the attacker to gain access to the login page at 'index_priv.php' and potentially gain access to sensitive information.
Insky CMS v006-0111 is vulnerable to multiple Remote File Include vulnerabilities. Attackers can exploit these vulnerabilities by sending a maliciously crafted HTTP request to the vulnerable application. This can allow attackers to execute arbitrary code on the vulnerable system.
An attacker can exploit this vulnerability by sending a specially crafted SQL query to the vulnerable parameter 'Storeid' in the URL. An example of the exploit is http://[site]/index.php?option=com_gds&task=store&Storeid=-1+UNION+SELECT+1,2,3,4,5,6--
An SQL injection vulnerability exists in Uiga Business Portal <= index.php, which allows an attacker to execute arbitrary SQL commands via the 'view' and 'id' parameters in a 'index.php' script.
Services By CQR