The exploit allows an attacker to include local files on the server by manipulating the file path in the HTTP request. This can lead to unauthorized access to sensitive information or remote code execution.
The 'cat' variable in the 'products.php' file in vKios <= 2.0.0 is not properly filtered, allowing remote attackers to manipulate SQL statements via a specially crafted URL.
This module exploits Git fetch command in Gitea repository migration process that leads to a remote command execution on the system. This vulnerability affects Gitea before version 1.16.7.
An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbitrary OS commands with root privileges.
This exploit targets a buffer overflow vulnerability in the ImageStation ActiveX control (SonyISUpload.cab 1.0.0.38). It allows an attacker to execute arbitrary code on a vulnerable system.
This is an exploit for IIS 5.0 WebDAV that allows remote code execution. It utilizes a pretty magic number as the return address and does not require netcat or telnet.
This exploit targets Easy Chat Server version 3.1 and utilizes a remote stack buffer overflow vulnerability. It allows an attacker to execute arbitrary code on the target system, potentially leading to remote code execution.
The exploit allows an attacker to send poisoned ARP packets to a target, causing a Denial of Service (DOS) on Nginx 1.20.0. The vulnerability was discovered by X41 D-SEC GmbH, Luis Merino, Markus Vervier, and Eric Sesterhenn. By exploiting this vulnerability, an attacker can disrupt the normal functioning of the Nginx service.
The Marval MSM application version v14.19.0.12476 is vulnerable to remote code execution (RCE) when an authenticated user sends a specially crafted POST request to the ScriptHandler.ashx endpoint. By exploiting this vulnerability, an attacker can execute arbitrary code on the target system.
The Contao version 4.13.2 is vulnerable to a cross-site scripting (XSS) attack. An attacker can exploit this vulnerability by injecting malicious code into the 'canonical URL' field, which is not properly sanitized. This allows the attacker to execute arbitrary JavaScript code in the context of the victim's browser.
Services By CQR