This exploit is a proof-of-concept (POC) for a denial-of-service (DoS) vulnerability in Safari 4.0.4 (531.21.10). It was discovered by John Cobb in January 2010 and tested on Windows XP (32-bit) SP3. The exploit involves creating an HTML file with a background attribute containing a large number of 'A' characters. When the file is opened in Safari, the browser will crash due to a stack overflow.
The vulnerability exists in the Uigafanclub index.php script, which allows an attacker to inject malicious SQL queries via the 'view' and 'id' parameters. The exploit can be triggered by sending a specially crafted HTTP request to the vulnerable script, such as www.site.com/Uigafanclub/index.php?view=photos&id=-9999+Union+Select+1,2,concat(admin_name,0x3a,admin_password),4,5+from+admin--
A SQL injection vulnerability exists in Uiga Personal Portal index.php, which allows an attacker to execute arbitrary SQL commands via the 'id' parameter. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. This can be done by appending a malicious SQL statement to the 'id' parameter in an HTTP request. This will allow the attacker to gain access to the database and extract sensitive information such as usernames and passwords.
This script causes a Denial of Service on a DCM425 cable modem. Sending 1040 bytes causes a reboot of the device after a few seconds of it freezing up. I believe this may lead to remote code execution but I did not bother to test it further.
A vulnerability in Script Slaed Cms 4 allows an attacker to upload a malicious shell, perform remote file inclusion, reinstall the script, dump the database, and perform blind SQL/XPath injection.
This exploit is a blind SQL injection vulnerability in Joomla's com_paxgallery component. It allows an attacker to extract usernames and passwords from the Joomla database.
Uiga Fan Club version 1.0 and below is vulnerable to an authentication bypass vulnerability due to improper sanitization of user-supplied input. An attacker can exploit this vulnerability by supplying a malicious username and password in the admin login page. This will allow the attacker to bypass authentication and gain access to the admin panel.
This vulnerability affects login.php, where the POST variables 'us' and 'ps' are vulnerable. An attacker can inject malicious SQL code into the 'us' and 'ps' variables to gain access to the system.
This vulnerability affects signup.asp and can be exploited via the POST variable 'email'.
This vulnerability affects index.php and can be exploited VIA the GET variable 'action'. This vulnerability affects contact.php and can be exploited via the following POST variables: name, city, email, state, message.
Services By CQR