A buffer overflow vulnerability exists in SwiFTP v1.11 which allows an attacker to cause a denial of service condition. This vulnerability is caused due to a boundary error when handling user-supplied input. An attacker can exploit this vulnerability by sending a large amount of data to the vulnerable server. This will cause the server to crash, resulting in a denial of service condition.
CiviCRM uses a fairly complex filtering system to try to prevent attacks, yet still have the highest level of flexibility. One of those filters prevents <script> and </script> from being in the same input box. In several cases it is possible to use multiple input boxes that get displayed later either together or close enough that it is possible to inject the 1st half of the code in the first box with a trailing comment, then inject the end comment and end script in the second box. This is known as Separated XSS Injection.
An attacker can exploit the vulnerability by sending a malicious SQL query to the vulnerable parameter 'id' in the 'preview.php' page. An attacker can also exploit the XSS vulnerability by sending a malicious script to the vulnerable parameter 'id' in the 'preview.php' page.
This exploit is a remote denial of service (DoS) vulnerability in the Apple Iphone/Ipod Udisk FTP Basic Edition application. The vulnerability is caused due to a boundary error when handling user supplied data, which can be exploited to cause a stack-based buffer overflow by sending an overly long username and password to the application. This can potentially allow remote attackers to crash the application, denying service to legitimate users.
This exploit is a Cross-Site Request Forgery (CSRF) vulnerability in the export.php page of the server. The exploit allows an attacker to execute arbitrary code on the server by sending a malicious request to the server. The malicious request contains a form with checkboxes that can be used to select which users to export. The attacker can then submit the form and the server will execute the code with the selected users.
The vulnerability exists in the 'section.php?section=9' page of the website. An attacker can exploit this vulnerability by sending a crafted HTTP request with a malicious 'topic' parameter containing a SQL injection payload. The payload can be used to extract sensitive information from the database.
FAQEngine 4.24.00 is vulnerable to Remote File Inclusion (RFI) vulnerability. An attacker can exploit this vulnerability by sending a malicious URL to the application. The malicious URL contains a malicious file which is hosted on a remote server. When the application receives the malicious URL, it will include the malicious file and execute it on the server.
A vulnerability in the Image Hosting Script from www.x10media.com allows an attacker to upload a malicious shell to the server. The malicious shell can be uploaded to the server via the create_image_gallery.php page, and is stored in the graphic/2010/January/10/ directory.
This module exploits a stack-based buffer overflow in Audiotran 1.4.1. An attacker must send the file to victim and the victim must open the file. Alternatively it may be possible to execute code remotely via an embedded PLS file within a browser, when the PLS extention is registered to Audiotran. This functionality has not been tested in this module.
The Gridcc Script 1.0 is vulnerable to both SQL Injection and XSS. The SQL Injection vulnerability can be exploited by injecting malicious code into the 'id' parameter of the 'viewnote.php' script. The XSS vulnerability can be exploited by injecting malicious code into the 'id' parameter of the 'viewnote.php' script.
Services By CQR