osCMax 2.0 is vulnerable to a remote file upload vulnerability due to improper validation of uploaded files. An attacker can upload malicious files with dangerous extensions such as .php3, .asp, .aspx, .ascx, .jsp, .cfm, .cfc, .pl, .bat, .exe, .dll, and .reg, which can be used to execute arbitrary code on the server.
This exploit is used to cause a denial of service (DoS) on a WFTPD 3.3 server. It works by sending a malicious 'rest' command with a very large number, followed by a 'retr' command with an existing file. This causes the server to crash.
This exploit acts as a webserver and causes Safari, as well as Mail and Springboard to crash when run on an iPhone. The exploit uses a JavaScript function to create a string of 1000 characters and assign it to a div element, which causes the crash.
Newbie CMS is prone to a remote file inclusion vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to include arbitrary files from remote locations and execute arbitrary code in the context of the webserver process. Successful exploitation of this vulnerability may result in a compromise of the application and the underlying system; other attacks are also possible.
This vulnerability allows an attacker to inject malicious SQL queries into the vulnerable application. The attacker can use the vulnerable parameter 'kid' in the 'com_route' component of Joomla to inject malicious SQL queries. The attacker can use the UNION operator to retrieve data from the database, such as usernames and passwords.
ArGoSoft FTP Server .NET v.1.0.2.1 is vulnerable to directory traversal. An attacker can use the CWD command to traverse directories outside the web root directory. The XPWD command can be used to verify the current working directory.
A stack buffer overflow vulnerability exists in QuickZip 4.60.019 when handling specially crafted input. An attacker can exploit this vulnerability to execute arbitrary code in the context of the application. This vulnerability is due to a boundary error when handling user-supplied input. An attacker can exploit this vulnerability to execute arbitrary code in the context of the application. This vulnerability is due to a boundary error when handling user-supplied input.
A SQL injection vulnerability exists in Preisschlacht V4 Flash System, which allows an attacker to execute arbitrary SQL commands via the 'seite' and 'aid' parameters in the 'index.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL statements to the vulnerable application. This can allow the attacker to gain access to sensitive information in the back-end database, such as usernames and passwords.
An attacker can exploit this vulnerability by sending a crafted HTTP request to the vulnerable server. The attacker can use the ‘controller’ parameter to inject malicious code into the vulnerable application. For example, an attacker can send a request like www.site.com/index.php?option=com_rokdownloads&controller=../../../../../../../../../../etc/passwd%00 to read the /etc/passwd file.
A vulnerability exists in Joomla Component com_sectionex which allows an attacker to include local files on the server. An attacker can exploit this vulnerability by sending a specially crafted HTTP request with a maliciously crafted parameter value. This can be done by appending the maliciously crafted parameter value to the URL, such as www.site.com/index.php?option=com_sectionex&controller=[LFI] or www.site.com/index.php?option=com_sectionex&controller=../../../../../../../../../../etc/passwd%00.
Services By CQR