This exploit is a denial of service attack against ScreenStream 3.0.15. It uses a POST request to the '/start-stop' endpoint with a specific set of headers. This causes the application to crash.
RealTerm: Serial Terminal 2.0.0.70 is vulnerable to a buffer overflow in the 'Echo Port' tab. An attacker can exploit this vulnerability by running a Python script to create a new file 'carbonara.txt' containing malicious code. The attacker then copies the content of the new file to the clipboard, opens realterm.exe, goes to the 'Echo Port' tab, pastes the clipboard into the 'Port' field, clicks the 'Change' button, and checks 'Echo On' or Box!, which triggers the buffer overflow.
An attacker can inject malicious SQL commands into the 'q' parameter of the 'search' page of the PHP EI-Tube Script. This can be done by sending a specially crafted HTTP request to the vulnerable page, such as 'https://target/search?q=-999%22+[sql+command]+%23' or 'https://target/search?q=-999%22+union+select+1,user(),3,4,5,version()+%23'. This can allow an attacker to gain access to sensitive information from the database, such as usernames and passwords.
Valentina Studio 9.0.5 is vulnerable to a buffer overflow in the 'Host' field when connecting to Valentina Server or SQLite Server. By supplying a long string of 'A's, the application will crash.
A denial of service vulnerability exists in FTPShell Server 6.83 when a maliciously crafted string is sent to the application. An attacker can leverage this vulnerability to crash the application, denying service to legitimate users.
The Ask Expert Script 3.0.5 is vulnerable to cross-site scripting and SQL injection. An attacker can inject malicious JavaScript code in the 'cateid' parameter of the 'categorysearch.php' page and malicious SQL code in the 'view' parameter of the 'list-details.php' page.
XAMPP through 5.6.8 allows XSS via the cds-fpdf.php interpret or titel parameter. NOTE: This product is discontinued. Affected product code base: XAMPP 1.8.2 (and previous).
eDirectory is software for creating your own membership website, business directories, yellow pages, coupon sites, local guides, lead gen sites and more. SQL injection can be used to bypass the administrator authentication and get access to the dashboard. File disclosure can be used to access files with the .php extension, but a null byte can be used in old PHP versions.
A denial of service vulnerability exists in BulletProof FTP Server 2019.0.0.50 when a maliciously crafted payload is sent to the SMTP Server field. An attacker can leverage this vulnerability to cause a denial of service condition.
Valentina Studio 9.0.4 is vulnerable to a denial of service attack when a maliciously crafted file is opened. An attacker can exploit this vulnerability by creating a file containing 256 'A' characters and then opening it in Valentina Studio. This will cause the application to crash.