e107 is a content management system written in PHP and using the popular open source MySQL database system for content storage. It's completely free, totally customisable and in constant development. The vulnerability allows an attacker to upload arbitrary files through the photograph upload feature. This can lead to remote code execution and unauthorized access to the system.
Internet download accelerator suffers from a BOF when an FTP Download of file with long name fails.
This vulnerability allows an attacker to perform unauthorized actions on the D-Link DI-524 Wireless 150 router. The exploit consists of two parts: one to reboot the device and another to change the admin account. The first part sends a request to the router's web interface to reboot it, while the second part changes the admin account credentials without the user's consent.
This exploit allows an attacker to perform a remote SQL injection attack on Simple Invoices version 2007 05 25 through the 'index.php' submit functionality. The vulnerability can be exploited by supplying specially crafted input to the 'user_id' parameter. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries and potentially gain unauthorized access to the database.
The vulnerability allows an attacker to inject arbitrary parameters into the sendmail command, leading to remote code execution. The exploit takes advantage of a vulnerability in zend-mail component of Zend Framework versions below 2.4.11 and below 2.7.2. By injecting specific parameters, the attacker can write the transfer log into a file and execute arbitrary code.
This module exploits a missing check in the get_user and put_user API functions in the linux kernel before 3.5.5. The missing checks on these functions allow an unprivileged user to read and write kernel memory. This exploit first reads the kernel memory to identify the commit_creds and ptmx_fops address, then uses the write primitive to execute shellcode as uid 0. The exploit was first discovered in the wild in the vroot rooting application.
The vulnerability allows an attacker to include a remote file via the 'dir_edge_lang' parameter in the 'cal.func.php' file. This can lead to remote code execution on the affected system.
Wampserver installs two services called 'wampapache' and 'wampmysqld' with weak file permission running with SYSTEM privileges. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system.
This exploit causes a crash in FTPShell server 6.36 when importing a CSV file. The exploit payload is a series of characters in a specific format that triggers the crash. It has been tested on Windows 7. The exploit can be found at http://www.ftpshell.com/download.htm.
XAMPP Control Panel crashes with access violation when writing junk bytes into several different ports. It is not that XAMPP Control Panel is listening on some port, however memory corruption and Denial Of Service does occur when you constantly write junk into, for instance, the MySQL, Tomcat, FileZilla, Mercury Mail listening ports.
Services By CQR