This exploit targets LushiNews version 1.01 and allows for remote SQL injection.
This exploit targets the LightRO CMS 1.0 (index.php projectid) and allows for remote SQL injection. The exploit file name is exploit2.asp. The exploit also includes features to get the header and whois info.
The Sagem Fast 3304-V2 router is vulnerable to an authentication bypass bug which allows unprivileged users to modify the preconfigured root password and then log in with administrator permissions. The vulnerability can be exploited by running JavaScript code in the web browser bar. The default URL to access the web management interface is http://192.168.1.1 but this attack can also be performed by an external attacker who connects to the router's public IP address.
This exploit allows an attacker to include remote files in the vulnerable application. The vulnerability exists in the 'menu.php' file of Site-Assistant version v0990. By manipulating the 'paths[version]' parameter, an attacker can include arbitrary files from a remote server, potentially leading to remote code execution.
The vulnerability is caused by the insecure inclusion of the file classes/class_mail.inc.php. An attacker can exploit this vulnerability to execute arbitrary PHP code by including a remote file.
NovaStor NovaNET is prone to a stack-based buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized buffer. Attackers can exploit this issue to execute arbitrary code within the context of the affected application or cause a denial-of-service condition.
The application is vulnerable to CSRF. An attacker can use this vulnerability to create a new user and assign the Admin role to that user.
This exploit allows an attacker to perform SQL injection and cross-site scripting (XSS) attacks on OTSCMS version 2.1.5. The vulnerability exists in the 'reply.php' file in the 'mod/PM' directory, specifically in lines 22-26. An attacker can exploit the SQL injection vulnerability by manipulating the 'id' parameter in the 'priv.php' file, allowing them to retrieve sensitive information from the database. The XSS vulnerability can be exploited by injecting malicious JavaScript code into the 'name' parameter in the 'forum.php' file.
These vulnerabilities include a cross-site scripting issue, an SQL-injection issue, and multiple remote file-include issues. Exploiting these vulnerabilities could lead to stealing authentication credentials, executing arbitrary code, compromising the application, accessing or modifying data, or exploiting underlying database vulnerabilities.
This exploit allows an attacker to generate an admin session for Advanced Poll version 2.0.0 to 2.0.5-dev. By providing a specific username and password, the attacker can bypass authentication and gain administrative access to the system. The exploit uses the LWP::UserAgent module and performs a POST request to the admin/index.php endpoint. If successful, the exploit retrieves the session ID and provides instructions for accessing the admin panel.