Multiple remote SQL injection vulnerabilities in FreeWebshop version 2.2.1 allow remote attackers to manipulate SQL queries through the browser. The 'prod' variable in 'detail', the 'cat' variable in 'list', and the 'group' variable in 'index.php' are not properly filtered, allowing for SQL injection attacks.
The JPEG vulnerability is an integer flaw triggered by a length field of 0 or 1. The crafted JPEG header makes Windows crash in a couple of different ways. First, it crashes when the image is opened. Second, it crashes when hovering the mouse over the image. The pointer overwrite is pretty straightforward in a debugger.
Simple SQL injection after application authentication. The exploit includes boolean-based blind, error-based, and time-based blind techniques.
The CollegeManagementSystem-CMS version 1.3 is vulnerable to SQL Injection. The 'batch' parameter is not properly sanitized, allowing attackers to inject malicious SQL code.
The exploit is a buffer overflow in the 'User/Master Password' feature of docPrint Pro v8.0. By providing a specially crafted input, an attacker can overwrite the Structured Exception Handler (SEH) and gain control of the program execution flow. This allows the attacker to execute arbitrary code or crash the application.
The 'prod' variable in 'detail', the 'cat' variable in 'list', and the 'group' variable in 'index.php' are not properly filtered, allowing remote attackers to manipulate SQL queries via the browser.
In htdocs/societe/card.php in Dolibarr 10.0.1, the value of the User-Agent HTTP header is copied into the HTML document as plain text between tags, leading to XSS.
The issue is an invalid memory read in DWrite!sfac_GetSbitBitmap that occurs while rasterizing the glyphs of a slightly malformed TrueType font. This vulnerability can be triggered by embedding a proof-of-concept font in a web page.
This exploit allows an attacker to include local files and disclose full file paths on the target system. The vulnerability can be exploited through the 'updater.php' and 'thumber.php' files by manipulating the 'lang_sel' parameter. Additionally, there are other XSS vulnerabilities present in the 'index_3x.php' file. The script 'phpinfo.php' can be used to view phpinfo() on the target system.
This module exploits the fact that an authenticated user with permission to upload and manage media contents can upload various files to the server. The application prevents the user from uploading PHP code by checking the file extension. It uses a blacklist-based approach, as seen in octobercms/vendor/october/rain/src/Filesystem/Definitions.php:blockedExtensions(). This module was tested on October CMS version v1.0.412 on Ubuntu.