Explore Vulnerabilities

Explore all Exploits:

OCS Inventory NG 2.7 – Remote Code Execution

This exploit allows an attacker to execute arbitrary code on a vulnerable OCS Inventory NG 2.7 server. The vulnerability exists in the admin_conf function, which can be abused to inject a payload that executes a command on the server. By exploiting this vulnerability, an attacker can gain remote code execution on the server.

ZenTao Pro 8.8.2 – Command Injection

This exploit allows an attacker to execute arbitrary commands on the target system by injecting malicious commands into the 'name' parameter of the create_repo function in ZenTao Pro version 8.8.2. By manipulating the 'name' parameter, an attacker can execute commands with the privileges of the web server user.

KiteService 1.2020.618.0 – Unquoted Service Path

A successful attempt requires the local attacker to insert an executable file in the path of the service. Upon service restart or system reboot, the malicious code will be run with elevated privileges.

Code Blocks 20.03 – Denial Of Service (PoC)

The Code Blocks software version 20.03 is vulnerable to a Denial of Service (DoS) attack. By providing a large payload, the software crashes when attempting to search for symbols in the 'Management' section. This can be exploited by an attacker to disrupt the functionality of the software.

Online Student Enrollment System 1.0 – Unauthenticated Arbitrary File Upload

Online Student Enrollment System version 1.0 suffers from an unauthenticated file upload vulnerability that allows remote attackers to gain remote code execution (RCE) on the hosting web server by uploading a maliciously crafted PHP file.

OpenCTI 3.3.1 – Directory Traversal

OpenCTI version 3.3.1 is vulnerable to directory traversal. This vulnerability allows an attacker to access arbitrary files on the server by manipulating the 'TARGET/static/css/' parameter in a GET request. By using a payload like '../../../../../../../../etc/passwd', an attacker can retrieve sensitive information such as the password file.

Recent Exploits: