MySQL is prone to a remote denial-of-service vulnerability because it fails to handle certain specially crafted queries. An attacker can exploit this issue to crash the application, denying access to legitimate users. NOTE: An attacker must be able to execute arbitrary SELECT statements against the database to exploit this issue. This may be done through legitimate means or by exploiting other latent SQL-injection vulnerabilities.
This exploit is for Woltlab Burning Board 2.X/Lite search.php. It allows an attacker to inject SQL queries into the search.php script, potentially gaining unauthorized access to the database.
This module exploits a remote command execution vulnerability in Apache Struts 2. The problem exists on applications running in developer mode, where the DebuggingInterceptor evaluates and executes OGNL expressions, allowing remote attackers to execute arbitrary Java code. This module has been tested successfully on Struts 2.3.16, Tomcat 7 and Ubuntu 10.04.
The vulnerability allows remote attackers to obtain sensitive information via a crafted searchstring parameter to search.php. The vulnerability is present in Woltlab Burning Board Lite version 1.0.2 and Woltlab Burning Board version 2.3.6.
An authenticated but unprivileged user can change specific values in the accounts database by invoking the setPreference action.
The CCRP Folder Treeview Control (ccrpftv6.ocx) in Internet Explorer is vulnerable to a Denial of Service attack. By sending a specially crafted argument to the RootFolder parameter, an attacker can cause Internet Explorer to crash and become unresponsive. This vulnerability has been tested on Windows XP Professional SP2 with Internet Explorer 7.
This exploit allows an attacker to perform a remote SQL injection attack on the MGB <= 0.5.4.5 web application. SlimTim10 found the vulnerability and created the exploit.
You can put your own shellcode to spawn a shell. After executing the exploit, you will get 'Cannot login User or password not correct.' That doesn't mean the exploit failed. Whenever you click on Sami FTP server, it will crash, resulting in the execution of calc.exe, which will execute whenever the Sami FTP server restarts until it is reinstalled.
This script makes use of the Colloquy INVITE format string vulnerability. It connects to an IRC server and joins a specified channel. It then sends a WHO command to the server to gather information about the users in the channel. This vulnerability can be exploited to execute arbitrary code.
Multiple denial-of-service vulnerabilities in Motorola Timbuktu Pro allow attackers to crash the application, resulting in denial of service for legitimate users.