The TurboFTP application is vulnerable to multiple remote denial of service attacks. These include handling responses with a large number of newline characters, a heap overflow triggered by a long file name in a LIST command response, and a heap overflow when the application sends a long CWD command. These vulnerabilities can be exploited to cause a denial of service condition on the target system. It is unlikely that code execution is possible with these vulnerabilities.
Mozilla Firefox allows remote attackers to bypass the same origin policy, steal cookies, and conduct other attacks by writing a URI with a null byte to the hostname (location.hostname) DOM property, due to interactions with DNS resolver code.
This exploit takes advantage of a buffer overflow vulnerability in the /usr/sbin/eject executable. By providing a specially crafted buffer, an attacker can execute arbitrary code with the privileges of the eject process.
This exploit allows an attacker to perform SQL injection on the Online Web Building v2.0 (id) application. By injecting SQL code into the 'art_id' parameter of the 'page.asp' page, an attacker can retrieve sensitive information such as usernames and passwords from the 'Users' table.
High-Tech Bridge Security Research Lab discovered CSRF and Remote Code Execution vulnerabilities in EGroupware, which can be exploited by remote attacker to gain full control over the application and compromise vulnerable system.
This exploit targets NukeSentinel version 2.5.05 and specifically the file 'nsbypass.php'. It allows an attacker to perform blind SQL injection attacks. The exploit requires certain conditions to be met, such as PHP and CMS conditions, and the victim's username and URL. Additional options can be specified, such as whether the victim is an admin or a normal user, the table prefix, the number of hits to try, and proxy settings.
The exploit allows an attacker to include remote files by manipulating the 'gbpfad' parameter in the 'function.php' file. By providing a malicious URL in the 'gbpfad' parameter, the attacker can execute arbitrary code on the target server.
This module exploits the buffer overflow found in the XMD command in IPSWITCH WS_FTP Server 5.05.
The vulnerabilities in CuteNews and UTF-8 CuteNews allow attackers to obtain sensitive information, gain unauthorized access, run arbitrary script code in the browser, hijack user sessions, and execute arbitrary commands in the context of the webserver process. Exploits for some of the issues may require administrator privilege.
This exploit targets the Php-Nuke Module Emporium version 2.3.0 and below, allowing for remote blind SQL injection attacks. The vulnerability allows an attacker to execute arbitrary SQL queries on the targeted database.
Services By CQR