This exploit takes advantage of a vulnerability in LeapFTP version 3.1.0. By sending a specially crafted URL, an attacker can trigger a buffer overflow and execute arbitrary code.
This is a proof-of-concept exploit for a local elevation of privileges vulnerability in Oracle Database. The exploit takes advantage of a shared section and injects shellcode to execute a command prompt. The vulnerability allows an attacker to gain elevated privileges on the affected system.
AneCMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Nagios XI is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Cacti is prone to cross-site-scripting and HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.
The Syntax Highlighter is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.
Flock Browser is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.
This exploit allows an attacker to perform SQL injection on NukeSentinel version 2.5.06 or lower with MySQL version 4.0.24 or higher. The exploit takes advantage of the disable_switch and track_active settings in the CMS. The exploit is based on the server response time and can be used with options like -debug, -benchmark, and -truetime for troubleshooting.
This exploit is a denial of service (DoS) attack that sends a flood of UDP packets to a specified IP address and port. It uses a string named 'shit' to send the packets. The amount of packets sent can be specified, as well as the port and delay between packets. The code also includes a signal handler to display statistics when the program is terminated.
The HC NEWSSYSTEM 1.0-4 is vulnerable to a blind SQL injection attack through the 'ID' parameter in the index.php file. An attacker can exploit this vulnerability to execute arbitrary SQL queries and potentially gain unauthorized access to the application's database.