This is a DOS issue for Nuked Klan <= 1.7.7 & <= SP4, it uses multiple requests on the search page.
A vulnerability in CMScontrol 7.x allows an attacker to upload arbitrary files to the server. By exploiting this vulnerability, an attacker can gain access to admin credentials.
This exploit is a proof-of-concept (POC) for a buffer overflow vulnerability in the VLC ActiveX control. The vulnerability is triggered when a maliciously crafted HTML page is opened in Internet Explorer. The page contains a VBScript that launches the VLC ActiveX control with a specially crafted argument. This argument contains a shellcode that is executed when the control is launched. The shellcode is designed to open a command prompt window.
Multiple D-Link routers suffer from insecure implementations of the Home Network Administration Protocol which allow unauthenticated and/or unprivileged users to view and configure administrative settings on the router. Further, the mere existence of HNAP allows attackers to completely bypass the CAPTCHA login features that D-Link has made available in recent firmware releases. It is suspected that most, if not all, D-Link routers manufactured since 2006 have HNAP support and are vulnerable to one of the below described vulnerabilities. However, only the following routers and firmware versions have been confirmed to date: DI-524 hardware version C1, firmware version 3.23; DIR-628 hardware version B2, firmware versions 1.20NA and 1.22NA; DIR-655 hardware version A1, firmware version 1.30EA.
E-membres v1.0 is vulnerable to remote database disclosure. An attacker can access the database file bdEMembres.mdb which contains sensitive information such as usernames, passwords, and other user information.
The vulnerability allows an attacker to access the remote database of the ABB v1.1 Forum. The vulnerability exists due to insufficient validation of user-supplied input in the 'fpdb/abb.mdb' script. A remote attacker can send a specially crafted HTTP request to the vulnerable script and gain access to the remote database.
YPOPS! v 0.9.7.3 is vulnerable to a buffer overflow vulnerability due to improper bounds checking of user-supplied input. An attacker can exploit this vulnerability by sending a specially crafted payload to the vulnerable application. This can result in arbitrary code execution in the context of the application.
A Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerability was found in Simply Classified 0.2. An attacker can exploit this vulnerability by crafting a malicious form that contains a hidden input field with a malicious script. When the form is submitted, the malicious script will be executed in the context of the user's browser.
This module exploits a stack overflow in Soritong v1.0 By creating a specially crafted skin ui file making it possible to execute arbitrary code. Just replace the skin file with the new one.
A directory traversal vulnerability exists in Joomla Component com_jashowcase. An attacker can exploit this vulnerability to read sensitive files on the server. The vulnerability is due to insufficient sanitization of user-supplied input to the 'controller' parameter of the 'index.php' script. An attacker can send a specially crafted HTTP request containing directory traversal sequences (e.g. '../../../../../../etc/passwd%00') to read sensitive files on the server.
Services By CQR