microUpload is a vulnerable file uploader script written in PHP. It is vulnerable to a remote file upload attack, which allows an attacker to upload a malicious file to the server. The attacker can then execute the malicious file on the server, allowing them to gain access to the server and its data.
Ollydbg2 v2.00 beta1 exploit in Python. The exploit consists of NOPs, a jmp ESP and shellcode. The shellcode runs calc.exe. It was tested on French Windows XP SP3, fully patched.
A SQL injection vulnerability exists in the Joomla component com_hdvideoshare, due to insufficient sanitization of user-supplied input in the 'id' parameter. An attacker can exploit this vulnerability to inject malicious SQL queries into the application, gain access to the database and execute arbitrary SQL queries.
A SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands.
A vulnerability exists in blog ink which allows an attacker to bypass authentication on the settings page. By requesting setup.php?do=settings directly, an attacker can gain access to the settings page without authentication.
An attacker can bypass the authentication of the CoffieNet CMS by accessing the admin.php and img_upload.php files directly. This vulnerability affects Windows SP2 French V.(Pnx2 2.0) + Linux French v.(9.4 Ubuntu).
A vulnerability exists in Dodo Upload Version 1.3 which allows an attacker to bypass the uploader by creating a .htaccess file with a code that sets the handler to application/x-httpd-php. This allows the attacker to upload a malicious PHP file disguised as an mp3 file. The attacker can then access the malicious file by navigating to the URL of the file.
This exploit allows a remote user to add a user account with administrator privileges to a Windows system running Internet Explorer 6 or 7.
superengine CMS (Custom Pack) is vulnerable to SQL injection. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server. The request contains a specially crafted SQL query that can be used to extract sensitive information from the database, such as usernames, passwords, and other confidential data.
This exploit allows an attacker to add an admin user to the KDPics v1.18 application. The exploit is triggered by sending a POST request to the index.php3 page with the type parameter set to add. The username and password are set to Snakespc. This exploit was discovered by Snakespc in 2020.