Malicious users may upload shell's in order to gather control from the site. Malicious users may inject JavaScript, VBScript, ActiveX, HTML or Flash into a vulnerable application to fool a user in order to gather data from them. An attacker can steal the session cookie and take over the account.
The Profbiz-Cart application is vulnerable to Local File Inclusion (LFI) and Remote File Inclusion (RFI) attacks. The vulnerable code is present in the dl-authcontent.php, dl-maincatsearch-dlcontent.php and dloads-payed.php files. An attacker can exploit this vulnerability by sending a crafted HTTP request containing malicious code in the docroot parameter. This will allow the attacker to read sensitive files from the server or execute arbitrary code on the server.
Vulnerability is in the rate.php, $_GET['id']. An example of the exploit is http://server/rate.php?id=405+and+%28select%20version%28%29%29=5--
Vulnerability is in Activex Control(msgsc.14.0.8089.726.dll) Sending a string to ViewProfile() , cause a crash on msnmsgr.exe *must be signed in Msn Messenger account for triggerin the vulnerability.
Vulnerability is in the $_GET['catid'], an attacker can exploit this vulnerability by sending a crafted URL like http://server/[PATH]/index.php?catid=8+union+all+select+1,2,3,4,5,6--
Admin login bilgileri alinabilir. Demo Vuln: http://server/index.php?option=com_ksadvertiser&pid=[EXPLOIT]&task=showcats EXPLOIT: null/**/union/**/select/**/1,2,3,4,concat(username,0x3a,password),6,7,8,9,10,11,12,13,14/**/from/**/jos_users--
This exploit is a buffer overflow vulnerability in the TestObj ActiveX control. The vulnerability is caused by a lack of bounds checking when handling user-supplied data. An attacker can exploit this vulnerability by sending a specially crafted request to the vulnerable ActiveX control. This can allow the attacker to execute arbitrary code on the target system.
This exploit is a proof-of-concept for a remote execution vulnerability in UUSee ReliPlayer ActiveX. It was tested on Windows XP SP3 with Internet Explorer 6. The exploit code can be found in the uusee.zip file located at the given URL.
An attacker can exploit this vulnerability by sending malicious SQL queries to the vulnerable application. This can be done by manipulating the 'print_view' parameter of the vulnerable application. The attacker can use this vulnerability to gain access to the database and execute arbitrary SQL commands.
This exploit is a proof-of-concept for a remote code execution vulnerability in the SopCast SopCore Control ActiveX control. The vulnerability exists due to an unsafe call to the CreateObject() method, which allows an attacker to execute arbitrary code on the vulnerable system. The exploit is available as a zip file containing a proof-of-concept exploit code.
Services By CQR