The WordPress Core version 6.2 is vulnerable to a directory traversal attack. An attacker can manipulate input in a way that allows them to access files outside of the intended directory, such as sensitive system files like /etc/passwd. This vulnerability is identified as CVE-2023-2745.
The FatWire UpdateEngine is prone to multiple cross-site scripting vulnerabilities. An attacker can exploit these vulnerabilities to execute arbitrary script code in the browser of a user visiting the affected site. This can lead to the theft of authentication credentials and other attacks.
This exploit allows an attacker to retrieve the username and password from the RPS 6.2 system using SQL injection.
This exploit allows an attacker to download and overwrite files on a vulnerable system using the "GetToFile" method of the CLINETSUITEX6.OCX ActiveX control. The provided code downloads a text file from a remote server and saves it to the local system. The exploit can be modified to overwrite any file on the system, such as cmd.exe.
This is an exploit for UBB.Threads version 6.2.* - 6.3.*. It uses a one char brute technique.
Based on Ruder's discovery, this exploit allows an attacker to execute arbitrary code by sending a long parameter to the ping command in the telnet service of CCProxy server. The vulnerability is a stack-based overflow. The exploit uses a shellcode that binds to port 101 and connects back to the attacker using netcat. This exploit has been tested on Windows XP SP1 English.
IDM v6.20 Local Buffer Overflow is a local exploit which allows attackers to execute arbitrary code on vulnerable installations of Internet Download Manager. The vulnerability is due to a boundary error within the processing of the username field when configuring a VPN/Dial Up connection. By sending a specially crafted string, an attacker can overwrite the EIP register and control the flow of execution. This can be exploited to execute arbitrary code by sending a malicious string to the username field when configuring a VPN/Dial Up connection.
IBM Tivoli Directory Server is prone to a denial-of-service vulnerability caused by heap memory corruption. An attacker can exploit this issue to crash the affected application, denying service to legitimate users. Given the nature of this issue, the attacker may also be able to run arbitrary code, but this has not been confirmed.
XFSMD is vulnerable to remote command execution due to insufficient sanitization of arguments passed to the RPC. If shell metacharacters, such as ';' and '|' are embedded in the remotely supplied arguments, additional commands may be executed with root privileges.
The truncate() system call on a number of versions of the IRIX operating system (with the xfs file system) does not properly check permissions before truncating a file, making it possible for unprivileged users to damage files to which they would otherwise not have write access.
Services By CQR