It is possible to change specific values in the accounts database by an authenticated but not privileged user. This can be done by invoking the setPreference action.
The CCRP Folder Treeview Control (ccrpftv6.ocx) in Internet Explorer is vulnerable to a Denial of Service attack. By sending a specially crafted argument to the RootFolder parameter, an attacker can cause Internet Explorer to crash and become unresponsive. This vulnerability has been tested on Windows XP Professional SP2 with Internet Explorer 7.
This exploit allows an attacker to perform a remote SQL injection attack on the MGB <= 0.5.4.5 web application. The vulnerability was found by SlimTim10 and the exploit was created by SlimTim10.
You can put your own shellcode to spawn a shell. After executing the exploit, you will get 'Cannot login User or password not correct.' That doesn't mean the exploit failed. Whenever you click on Sami FTP server, it will crash resulting in the execution of calc.exe and will execute whenever the SAMI FTP server restarts until it is reinstalled.
This script makes use of the Colloquy INVITE format string vulnerability. It connects to an IRC server and joins a specified channel. It then sends a WHO command to the server to gather information about the users in the channel. This vulnerability can be exploited to execute arbitrary code.
Multiple denial-of-service vulnerabilities in Motorola Timbuktu Pro allow attackers to crash the application, resulting in denial of service for legitimate users.
The etkinlikbak.asp script is vulnerable to SQL Injection. An attacker can exploit this vulnerability by injecting SQL code in the 'id' parameter of the URL to retrieve sensitive information from the database.
This exploit takes advantage of the x32 ABI with recvmmsg vulnerability (CVE-2014-0038) in Linux 3.4+ kernels. The exploit allows an attacker to gain root privileges on the target system. The vulnerability is caused by a flaw in the recvmmsg system call, which can be exploited to escalate privileges.
This exploit allows an attacker to execute arbitrary code on a target system running KGB version 1.9. The vulnerability is due to insufficient input validation, which allows an attacker to inject and execute malicious code. This can lead to a complete compromise of the target system.
WebCT is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing an attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible.
Services By CQR