This exploit uses a buffer overflow vulnerability to cause a denial of service in Safari 4.0.4. The exploit creates a buffer of 'A' characters and then uses a loop to write a large amount of data to the page. This causes the browser to crash.
Baal Systems version 3.8 and below is vulnerable to an authentication bypass vulnerability due to improper sanitization of user-supplied input. An attacker can exploit this vulnerability by supplying a crafted username and password to the application, which will bypass the authentication process and allow the attacker to gain access to the application.
Zen Tracking version 2.2 and below is vulnerable to an authentication bypass vulnerability due to improper sanitization of user-supplied input. An attacker can exploit this vulnerability by supplying specially crafted input to the username and password fields of the userlogin.php and managerlogin.php scripts. By supplying the username and password values of ' or' 1=1, an attacker can bypass authentication and gain access to the application.
A specially crafted SQL file query can cause the the application to freeze and finally crash. The bug is the SQL query processor engine, it can't handle malformed SQL queries leading to crash.
Cross-Site Scripting attacks are a type of injection problem, in which malicious scripts are injected into the otherwise benign and trusted web sites. Cross-site scripting (XSS) attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user in the output it generates without validating or encoding it. Directory Listing vulnerability allows an attacker to view the contents of a directory on the server. Open Redirection vulnerability is used in phishing attacks to get users to visit malicious sites without realizing it. Unprotected Install Proccess allows an attacker to access the installation process of the application.
odlican.net cms v.1.5 is a simple opensource cms made by croatian web designers and it has a serious flaw. The vulnerable part of code from upload.php allows any file to be uploaded to the /cms/files/ folder, including dangerous php scripts.
A vulnerability exists in Arab Network Tech. (ANT) CMS, which allows an attacker to inject malicious SQL queries into the application. This can be exploited to gain access to the admin panel and upload a shell. The vulnerability is present in the apages.php file, where an attacker can inject malicious SQL queries into the 'sgroup' parameter. An example of this is www.[Server].com/[Path]/apages.php?sgroup=-10+UniOn+AlL+SeLeCt+1,2,concat(username,0x3a,password,0x3a),4,5,6,7,8,9,10+from+admins--. After gaining access to the admin panel, an attacker can upload a shell.
X-lite SIP v3 (wav) memory corruption Heap BOF exploit is a buffer overflow vulnerability that allows an attacker to execute arbitrary code by sending a specially crafted wav file to the vulnerable application. The vulnerability exists due to insufficient validation of user-supplied input when parsing the wav file. An attacker can exploit this vulnerability by sending a malicious wav file to the vulnerable application, which can lead to arbitrary code execution.
The vulnerability exists in the Open Bulletin Board script, which allows an attacker to inject malicious SQL queries via the FID parameter in the board.php and read.php files. The attacker can use the true/false condition to check the validity of the query and extract information from the database.
A SQL injection vulnerability exists in Audistats version 1.3 or lower. An attacker can send a maliciously crafted HTTP request containing a specially crafted 'mday' parameter to the vulnerable server to exploit this vulnerability.
Services By CQR