Explore Vulnerabilities

Explore all Exploits:

Joomla Component PU Arcade Remote SQL Injection Exploit

This exploit targets the PU Arcade Joomla Component and allows an attacker to perform a remote SQL injection attack. By exploiting a vulnerability in the component, the attacker can retrieve the usernames and passwords from the jos_users table. The exploit URL is provided in the text.

FlashFXP 4.2.0 Build 1730 – Denial of Service (PoC)

The exploit allows an attacker to cause a denial of service (DoS) by crashing the FlashFXP software. When given specially crafted input, the software crashes while attempting to process it, leaving it unresponsive and unavailable.

Odin Secure FTP Expert 7.6.3 – ‘Site Info’ Denial of Service (PoC)

The Odin Secure FTP Expert 7.6.3 software is vulnerable to a denial of service (DoS) attack. By sending a specially crafted payload, an attacker can cause the application to crash.

WebPortal CMS <= 0.6.0 Remote Sql Injection Exploit

This exploit takes advantage of a SQL injection vulnerability in the WebPortal CMS <= 0.6.0. By manipulating the 'm' parameter in the URL, an attacker can execute arbitrary SQL queries and retrieve sensitive information from the portal_users table. The vulnerability exists in the index.php file where the 'm' parameter is not properly sanitized before being used in a SQL query.

Easy RM to MP3 Converter 2.7.3.700 – ‘Input’ Local Buffer Overflow (SEH)

This exploit takes advantage of a local buffer overflow vulnerability in Easy RM to MP3 Converter version 2.7.3.700. By running a Python script and copying the generated content to the clipboard, an attacker can trigger the overflow when pasting the content into the 'Input' parameter of the application. This allows the attacker to execute arbitrary code and potentially gain control of the affected system.

Veyon 4.3.4 – ‘VeyonService’ Unquoted Service Path

A successful attempt would require the local user to be able to insert their code in the system root path, undetected by the OS or other security applications, where it could potentially be executed during application startup or reboot. If successful, the local user's code would execute with the elevated privileges of the application.

WordPress Plugin WPForms 1.5.8.2 – Persistent Cross-Site Scripting

The Form Description and Field Description fields in the WPForms plugin’s Form Builder module were found to be vulnerable to stored XSS, as they did not properly sanitize user-supplied input. While they do not pose a high security threat, being an authenticated XSS vulnerability, an attacker can potentially exploit this on a WordPress multisite installation to have a super admin’s cookies sent to the attacker or to redirect the super admin to another domain, for example a phishing page designed to show that they have been logged out and need to log back in, thus compromising their credentials. The form builder’s “preview” function was also vulnerable to reflected XSS.

Joomla! com_hdwplayer 4.2 – ‘search.php’ SQL Injection

The 'search.php' file in Joomla! com_hdwplayer 4.2 is vulnerable to SQL injection. The 'hdwplayersearch' parameter is not properly sanitized before being used in an SQL query, allowing an attacker to manipulate the query and potentially execute arbitrary SQL commands.

Recent Exploits: