A vulnerability exists in fswiki 3.6.2 which allows an attacker to gain access to the user.dat file, which contains the usernames and passwords of all users of the fswiki application.
SoftArtisans FileUp(TM) is a popular web server component for transactional uploading of files to a web server using a web browser. When installing SoftArtisans FileUp(TM), avoid installing the samples, because viewsrc.asp can let remote anonymous users see script source code or configuration settings outside the /SAFileUpSamples virtual directory. This is accomplished by modifying the 'path' query variable to point to files outside the designated directory. A web browser at a remote location is sufficient to view the source code or configuration settings in plain text.
This exploit allows an attacker to create a new admin user in Cacti 0.8.6i by exploiting a SQL injection vulnerability in the copy_cacti_user.php script. The attacker can use a Googlebot/2.1 User-Agent to send a malicious GET request to the vulnerable script, which will create a new admin user with the username and password of 'admin'.
A vulnerability exists in Voodoo chat 1.0RC1b which allows an attacker to view the passwords of all users. This is done by accessing the users.dat file located in the data directory of the application.
A vulnerability exists in x-news 1.1 which allows an attacker to view the usernames, MD5 hashes, and emails of all users registered on the system. This is done by accessing the users.txt file located in the news/db directory of the x-news installation. The file contains a list of all users registered on the system in the format of username|MD5-Hash|eMail.
A denial of service vulnerability exists in Macromedia Flash 8 (Flash8b.ocx) when used in conjunction with Internet Explorer. By setting the 'AllowScriptAccess' property to a large string, an attacker can cause a denial of service condition. This vulnerability affects Windows XP Professional SP2 with Internet Explorer 7.
EasyNews PRO News Publishing 4.0 is vulnerable to a remote password disclosure vulnerability. By accessing the URL http://[target]/[easy_news_path]/newsboard/data/users.txt, an attacker can view the usernames and passwords of all registered users.
This exploit will merely display 1000 access violation boxes on screen. It creates a socket connection to the target machine and sends junk strings of varying sizes and characters to it. This causes the target machine to crash.
This exploit sends a large number of GET requests to the webserver, causing it to crash.
The vulnerability is present in the application due to improper sanitization of user-supplied input in the 'num' parameter of the 'phonemessage.asp' script and the 'catcode' parameter of the 'faqDsp.asp' script. An attacker can exploit this vulnerability by sending malicious SQL queries to the application. This can allow the attacker to bypass authentication and gain access to the application or to access sensitive information from the database.