Explore all Exploits:

ASPIntranet SQL-injection Vulnerability

ASPIntranet is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.

PafileDB Login SQL injection

The vulnerability exists in the include/admin/auth.php file of PafileDB versions 3.5.2 and 3.5.3. An attacker can exploit this vulnerability by sending a crafted cookie with a username and password containing an SQL injection payload. This will allow the attacker to bypass authentication and gain access to the admin panel.

Jowamp WebInterface v2.1 Remote File Inclusion Vulnerability

A vulnerability in Jowamp WebInterface v2.1 allows an attacker to execute arbitrary code on the vulnerable system. This is achieved by sending a specially crafted HTTP request containing a malicious URL to the vulnerable system. The URL contains a malicious script, which is then executed on the vulnerable system.

F-Prot 4.6.6 .CHM Heap Overflow

F-Prot 4.6.6 is vulnerable to a heap overflow vulnerability when processing .CHM files. This vulnerability can be exploited by an attacker to execute arbitrary code on the vulnerable system. The vulnerability is caused due to a boundary error within the processing of the .CHM files. This can be exploited to cause a stack-based buffer overflow by tricking a user into opening a specially crafted .CHM file.

Cutenews AJ-Fork Remote File Inclusion Vulnerability

A vulnerability in Cutenews AJ-Fork could allow a remote attacker to include a file from a remote location. The vulnerability exists due to insufficient sanitization of user-supplied input to the 'cutepath' parameter in the 'inc/shows.inc.php' script. An attacker could exploit this vulnerability by sending a specially crafted HTTP request that references an arbitrary file at a remote location. Successful exploitation could result in arbitrary code execution.

QuickCart 2.0 Local File Inclusion Exploit

QuickCart 2.0 is vulnerable to Local File Inclusion. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing directory traversal sequences and a null byte (%00) to the vulnerable server. This will allow the attacker to read arbitrary files from the server.

Envolution <= 1.1.0 (PNSVlang) Remote Code Execution Exploit

Envolution versions 1.1.0 and prior are vulnerable to remote code execution. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'PNSVlang' parameter in the 'error.php' script. An attacker can exploit this vulnerability to execute arbitrary code on the vulnerable system.

Recent Exploits: