An attacker can bypass authentication in the admin dashboard and gain full access to the application and users. Additionally, an attacker can send a malicious page to an authenticated user to change their password.
The la-nai cms_v1.2.14 module is vulnerable to remote SQL injection. The authentication login on the site's front page can be bypassed by using a username from the la-nai tbl_ln_user database. This can be achieved by providing '/* contoh admin'/* <-- magic_quotes_gpc = off
During installation of Panda Antivirus 2008, the permissions for the installation folder are set to Everyone:Full Control, allowing an unprivileged user to replace the service executable with a file of their choice and gain full access with LocalSystem privileges. This can be exploited by renaming the service executable, copying a trojaned application, and rebooting the system.
Buffer overflow vulnerability in Easy RM RMVB to DVD Burner 1.8.11 allows remote attackers to execute arbitrary code via a long string in the 'Enter User Name' field. This can be exploited to execute arbitrary code with the privileges of the user running the application.
This exploit takes advantage of a buffer overflow vulnerability in the 'Enter User Name' field of Easy WMV/ASF/ASX to DVD Burner version 2.3.11. By pasting specific content into this field, an attacker can trigger the overflow and potentially execute arbitrary code.
This perl script exploits a remote SQL injection vulnerability in Envolution <= v1.1.0. It allows an attacker to retrieve the username and password (md5) of a specific member using their member id. The vulnerability is due to improper input validation in the 'modules.php' file. By crafting a malicious request, an attacker can inject SQL code and retrieve sensitive information from the database.
This exploit triggers a remote SEH buffer overflow in Sync Breeze Enterprise v9.9.16. By sending a specially crafted request to the web server, an attacker can execute arbitrary code on the target system.
This exploit takes advantage of a buffer overflow vulnerability in Disk Savvy Enterprise version 9.9.14. By sending a specially crafted request to the server, an attacker can trigger a stack-based buffer overflow, overwriting the Structured Exception Handler (SEH) and gaining control of the program execution flow. This allows the attacker to execute arbitrary code on the target system.
This exploit targets a buffer overflow vulnerability in Dup Scout Enterprise v 9.9.14. It allows an attacker to execute arbitrary code on the target system by sending a specially crafted request to the web server.
The 'Enter User Name' field in MP3 WAV to CD Burner version 1.4.24 is vulnerable to a buffer overflow attack. This can be exploited by pasting a large amount of data into the field, causing the program to crash or potentially execute arbitrary code.