APT-webshop is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
This exploit allows an attacker to perform a blind SQL injection attack on PHPWind version 5.0.1 and below. The vulnerability can be exploited by an authenticated admin user to execute arbitrary SQL queries and gain unauthorized access to the database.
This is a local file inclusion vulnerability in phpwcms version 1.2.6. It allows an attacker to include local files by manipulating the 'wcs_user_lang' cookie. The vulnerability exists in the 'login.php' file, specifically in lines 45-63. The code checks if the 'form_lang' parameter is set in the POST request and then sets the 'wcs_user_lang' session variable to a lowercase version of the parameter. However, there is no validation or sanitization of the input, allowing an attacker to include any file on the server. This can lead to unauthorized access, information disclosure, and remote code execution.
The vulnerability allows an attacker to inject SQL queries into the application, potentially compromising its security and accessing or modifying data. In this case, the vulnerability is triggered by the application's failure to properly sanitize user-supplied input before using it in an SQL query.
The BASE application fails to properly sanitize user-supplied input in the 'PrintFreshPage' function, allowing an attacker to execute arbitrary script code in the browser of an unsuspecting user.
UltraVNC is susceptible to multiple error-logging remote buffer-overflow vulnerabilities. These issues are due to the application's failure to properly bounds-check user-supplied input before copying it to insufficiently sized memory buffers. A successful attack may allow remote attackers to execute arbitrary code on a vulnerable computer to gain unauthorized access in the context of the application.
Doomsday is prone to multiple remote format-string vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these issues to execute arbitrary code in the context of the vulnerable application or crash the affected game server, effectively denying service to legitimate users.
This module exploits multiple vulnerabilities found in Open&Compact FTP server. The software contains an authentication bypass vulnerability and a arbitrary file upload vulnerability that allows a remote attacker to write arbitrary files to the file system as long as there is at least one user who has permission.Code execution can be achieved by first uploading the payload to the remote machine as an exe file, and then upload another mof file, which enables WMI (Management Instrumentation service) to execute the uploaded payload. Please note that this module currently only works for Windows before Vista.
Remote command execution by triggering a buffer overflow in the GET request along with some buffer gymnastics using egghunters in order to attain a shell.
Blank'N'Berg is prone to a directory-traversal vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable system in the context of the affected application. Information obtained may aid attackers in further attacks.
Services By CQR