The MySQLDriverCS application is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
This module exploits a stack overflow in the NaviCopa HTTP server 2.01 (release version 6th October 2006 or earlier). It is not the same vulnerability as the one described in BID 20250. The vulnerability allows reliable code execution. The only thing that may vary is the path to the NaviCopa installation folder. On an English version of Windows, it resides in the c:program filesnavicopa directory. In that case, eip is overwritten with char 271 to 274. To add a new target version of Windows (e.g. Spanish, Italian etc.), you only need to change the offset to eip. As an example, in a German version of Windows, the installation directory of navicopa is c:programmenavicopa. As a result, the path length is four characters shorter than on an English version of Windows. As a consequence, the offset to eip ha
The Ubisoft CoGSManager ActiveX control is prone to a remote stack-based buffer-overflow vulnerability due to a lack of proper bounds checking on user-supplied input. Attackers can exploit this vulnerability to execute arbitrary code within the context of an application, typically Internet Explorer, that uses the ActiveX control. Failed exploit attempts will result in a denial-of-service condition.
Mambo CMS is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
The 'com_morfeoshow' component for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Nodesforum is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
An attacker can exploit this issue by enticing a legitimate user to use the vulnerable application to open a file from a network share location that contains a specially crafted Dynamic Link Library (DLL) file.
The LEADTOOLS Imaging LEADSmtp ActiveX control is prone to a vulnerability caused by an insecure method. Successfully exploiting this issue will allow attackers to create or overwrite files within the context of the affected application (typically Internet Explorer) that uses the ActiveX control. Attackers may execute arbitrary code with user-level privileges.
Blind SQL Injection exploit and proof of concept for Xoops All Version -Articles- Print.PHP (ID). The exploit allows an attacker to execute arbitrary SQL queries by injecting malicious code into the 'id' parameter of the print.php page. The proof of concept URL demonstrates the exploitation of the vulnerability by injecting a UNION SELECT statement. The exploit is coded in Perl and uses IO::Socket module to send HTTP requests to the target server.
This exploit allows an attacker to upload files without authorization and execute remote code on the target system. The vulnerability exists in Cforms version 14.7 and has a CVE ID of 2014-9473. By exploiting this vulnerability, an attacker can upload malicious files and execute arbitrary code on the target system.