The Dimac CMS XS application is prone to an SQL-injection vulnerability due to improper sanitization of user-supplied input before using it in an SQL query. An attacker can exploit this vulnerability to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
The 1024cms application is prone to multiple cross-site scripting vulnerabilities, multiple local file-include vulnerabilities, and a directory-traversal vulnerability. An attacker can exploit these vulnerabilities to execute arbitrary script code in the browser, steal authentication credentials, and access sensitive information.
The Fiberhome HG-110 router is vulnerable to cross-site scripting (XSS) and directory traversal. This allows an attacker to execute arbitrary script code in the browser of a user visiting the affected site, potentially leading to the theft of sensitive information and further attacks. The vulnerability occurs due to insufficient sanitization of user-supplied input. An example URI that can be used to exploit this vulnerability is provided.
eGroupware is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
GParted <=0.14.1 does not properly sanitize strings before passing them as parameters to an OS command. Those commands are executed using root privileges.
This is a proof of concept exploit for crashing jetAudio 8.1.3 Basic using a corrupted mp3 file. When the file is opened with jetAudio, it triggers an access violation exception, causing the application to crash.
This is proof-of-concept code for the PHP 5.2.1 unserialize() information leak vulnerability. It allows remote attackers to leak sensitive information from the server.
ProjectSend is a client-oriented file uploading utility. Clients are created and assigned a username and a password. Files can then be uploaded under each account with the ability to add a title and description to each. When a client logs in from any browser anywhere, the client will see a page that contains your company logo and a sortable list of every file uploaded under the client's name, with description, time, date, etc. It also works as a history of "sent" files, provides the differences between revisions, the time that it took between each revision, and so on.
This module attempts to log in to the Varnish Cache (varnishd) CLI instance using a brute-force list of passwords. This module will also attempt to read the /etc/shadow root password hash if a valid password is found. It is possible to execute code as root with a valid password; however, this is not yet implemented in this module.
This is a remote SQL injection exploit for eWebquiz version 8. It allows an attacker to inject SQL commands into the QuizID parameter, which can be used to retrieve sensitive information such as password hashes from the admins table.