This exploit allows an attacker to retrieve the admin credentials from the JV2 Folder Gallery script. By sending a specially crafted GET request to the 'download.php' file, the attacker can download the 'gallerysetup.php' file, which contains the admin credentials.
This exploit allows an attacker to execute arbitrary commands or retrieve the md5 hash of a certain user on a ThWboard <=3.0 beta 2.84-php5 board. The vulnerability is caused by insufficient input validation in the 'styleid' parameter. An attacker can exploit this vulnerability by sending a specially crafted request to the target server.
The FdWeB Espace Membre <= 2.01(path) script is vulnerable to remote file inclusion. The vulnerability allows an attacker to include a remote file by manipulating the 'path' parameter in the 'admin_menu.php' file.
This PoC demonstrates a stack-based buffer overflow vulnerability in Oracle Outside In MDB File Parsing. By providing a specially crafted MDB file, an attacker can exploit this vulnerability to execute arbitrary code or crash the application. The vulnerability has a CVE identifier of CVE-2013-5791. The PoC author is Citadelo.
This exploit allows an attacker to perform blind SQL injection on DigiAffiliate version 1.4. By injecting a specially crafted SQL query, the attacker can retrieve sensitive information such as login credentials and personal details of the admin user.
The vulnerability exists in the 'common.php' file of Poplar Gedcom Viewer v2.0. By manipulating the 'env[rootPath]' parameter, an attacker can execute arbitrary code on the server.
MiNT Haber Sistemi v2.7 (tr) is vulnerable to SQL injection. An attacker can exploit this vulnerability by injecting SQL code into the 'id' parameter of the 'duyuru.asp' page. By doing so, they can retrieve sensitive information such as the admin's username, password, and email address.
While scanning specially crafted compressed files, Norton AntiVirus uses 100% CPU for a long time, resulting in a denial of service (DoS). The scan cannot be stopped manually, forcing the user to kill the process. A proof of concept file is provided to demonstrate the vulnerability. Other antivirus or trojan scanners may also be vulnerable.
The vulnerability allows remote attackers to cause a denial of service (application crash) via a long string in a .m3u file.
The vulnerability exists in the /i-accueil.php file of the Citations Aléatoires v1.1 script. The script includes a file without properly validating user-supplied input, allowing an attacker to include arbitrary remote files. This can lead to remote code execution and compromise of the affected system.