This exploit allows an attacker to perform a remote BLIND SQL injection attack on XOOPS Module Rha7 Downloads 1.0 (visit.php). By injecting malicious SQL code, the attacker can retrieve sensitive information such as usernames and passwords from the XOOPS users database.
This exploit targets a vulnerability in phpBB mutant 0.9.2 where the 'phpbb_root_path' variable is not properly declared before inclusion, allowing remote files to be included. By exploiting this vulnerability, an attacker can execute arbitrary remote code.
This exploit includes multiple vulnerabilities in the u-Auctions system. The first vulnerability is a blind SQL injection in /adsearch.php, where the 'category' input is vulnerable. The second vulnerability is an HTTP parameter pollution in /feedback.php, where the 'id' parameter is affected. These vulnerabilities can be exploited to override parameters, modify application behavior, access uncontrollable variables, and bypass input validation checkpoints and WAF rules.
TrueCrypt 4.3, when installed setuid root, allows local users to cause a denial of service (filesystem unavailability) or gain privileges by mounting a crafted TrueCrypt volume, as demonstrated using (1) /usr/bin or (2) another user's home directory, a different issue than CVE-2007-1589 (CVE-2007-1738).
The XOOPS Module WF-Snippets version 1.02 is vulnerable to Blind SQL Injection. An attacker can exploit this vulnerability to extract sensitive information from the database by injecting malicious SQL queries.
This module exploits a flaw in AOL Sb.SuperBuddy. We stole this code from a pre-existing metasploit module.
This is a proof of concept (POC) exploit for the Mercury Quality Center Spider90.ocx ProgColor Overflow vulnerability. The exploit takes advantage of a buffer overflow vulnerability in the Spider90.ocx ActiveX control to execute arbitrary code.
This exploit targets a stack buffer overflow vulnerability in the WebGate eDVR Manager software. By sending a specially crafted request to the Connect method, an attacker can overwrite the stack and potentially execute arbitrary code on the target system. The vulnerability has been assigned CVE-2015-2097.
The WebGate WinRDS PlaySiteAllChannel function in WESPPlayback.dll is vulnerable to a stack buffer overflow. By sending a specially crafted argument to the function, an attacker can overwrite the stack and execute arbitrary code.
Wordpress plugin 'Business Intelligence' is not filtering data in GET parameter 't' in file 'view.php' and passing user supplied data to SQL queries, hence SQL injection vulnerability has taken place. The vulnerability is due to the parameter 't' in file 'view.php'. Users can inject SQL queries using the GET parameter 't'.
Services By CQR