
Explore Vulnerabilities


Explore all Exploits:

Duplicate Cleaner Pro 4 – Denial of Service (PoC)

The exploit creates a large buffer filled with 'A' characters and writes it to a file named 'Evil.txt'. Duplicate Cleaner Pro crashes when the content of 'Evil.txt' is pasted into the 'License key' field and the 'Activate' button is clicked.

Backup Key Recovery Recover Keys Crashed Hard Disk Drive 2.2.5 – ‘Key’ Denial of Service (PoC)

This exploit allows an attacker to crash the Backup Key Recovery software by providing a specially crafted 'Key' value. A Python script creates a file (poc.txt) containing a payload of 1000 'A' characters. When the software is launched and the payload is copied into the 'Key' field, the software crashes.

Dnss Domain Name Search Software – ‘Name’ Denial of Service (PoC)

The Dnss Domain Name Search Software is prone to a denial-of-service (DoS) vulnerability. This allows remote attackers to crash the application by providing a specially crafted value for the 'Name' field. A proof-of-concept (PoC) exploit is provided in the form of a Python script that creates a file containing a payload of 1000 characters and causes the application to crash when the payload is copied into the 'Name' field.

AuraCMS 2.2 – (admin_users.php) Remote Add Administrator Exploit

This exploit allows an attacker to remotely add an administrator to the AuraCMS 2.2 system. By bypassing the 'admin_users.php' file's direct access prevention, the attacker can execute arbitrary code and gain administrative privileges. The vulnerability lies in the 'cek_login()' function, which checks the login status through session cookies and allows access to 'admin_users.php' for users with any level of login.

Adaware Web Companion 4.9.2159 – ‘WCAssistantService’ Unquoted Service Path

Adaware Web Companion version 4.9.2159 is affected by an unquoted service path vulnerability. The 'WCAssistantService' service has a binary path name that is not properly quoted. This could allow an attacker to execute arbitrary code with elevated privileges if they are able to place a malicious executable in the same directory as the service executable.

TeamCal Pro <= 3.1.000 Multiple RFI / LFI Vulnerabilities

Multiple Remote File Inclusion (RFI) and Local File Inclusion (LFI) vulnerabilities exist in TeamCal Pro version 3.1.000 and earlier. These vulnerabilities allow an attacker to include arbitrary remote or local files, potentially leading to remote code execution or information disclosure.

SpotFTP FTP Password Recovery 3.0.0.0 – ‘Key’ Denial of Service (PoC)

The SpotFTP FTP Password Recovery software version 3.0.0.0 is vulnerable to a denial of service attack. By providing a specially crafted input in the 'Key' field, an attacker can cause the software to crash, resulting in a denial of service condition.

Recent Exploits: