An Allaire Forums file "GetFile.cfm" in the root of the application directory allows anyone to access any file on the Forums server. This vulnerability affects Forums 2.0.4 and earlier.
Synergiser is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. Exploiting this issue may allow an unauthorized user to view files and execute local scripts.
Attackers can inject arbitrary headers through a URL in PHP, leading to potential cross-site request forgery, cross-site scripting, HTML injection, and other attacks.
This exploit allows an attacker with physical access to a system to gain root privileges by exploiting a vulnerability in the sudo program. By creating a large number of pseudo-terminals (pts), the attacker can overflow a buffer in the sudo program and execute arbitrary code with root privileges. The vulnerability was reported by Qualys, Inc. and assigned CVE-2017-1000367.
The seccomp sandbox in older kernels (before 4.8) does not run the seccomp check again after the tracer is notified. This allows ptrace to be used to escape from the seccomp sandbox. This vulnerability affects multiple Android devices with older kernels, making seccomp policies that don't blacklist ptrace ineffective as security boundaries.
DM Guestbook version 0.4.1 contains multiple local file inclusion vulnerabilities. An attacker can exploit them to include arbitrary files from the system, such as /etc/passwd, by manipulating the 'lng' parameter in various PHP scripts. This allows an attacker to view sensitive information and potentially gain unauthorized access to the system.
The 'ATService' service in AnyTXT Searcher version 1.2.394 is installed with an unquoted service path, which could allow an attacker to escalate privileges and execute arbitrary code.
The Vulnerability Laboratory Core Research Team discovered a local kiosk privilege escalation vulnerability in the Deutsche Bahn ticket vending machine series with Windows XP.
A SQL injection vulnerability in Affiliate Me version 5.0.1 allows a normal admin to escalate their privileges to super admin. It can be exploited by sending a specially crafted request to the admin.php file with an injected query.
The WBiz Desk 1.2 application is vulnerable to SQL injection. An attacker can exploit the 'ticket.php' page by injecting malicious SQL code into the 'tk' parameter, allowing them to execute arbitrary SQL queries.