This exploit targets the LushiWarPlaner 1.0 register.php file and allows for remote SQL injection.
This exploit targets Solaris 2.4 and allows remote attackers to execute arbitrary code or gain unauthorized access.
The exploit creates a file with a large number of characters, causing a stack overflow exception. It does not execute arbitrary code but can potentially be exploited by someone with better knowledge.
The vulnerability allows remote attackers to include arbitrary files from external sources, potentially leading to remote code execution.
CATIRPC.dll does not properly handle TADDR2UADDR procedures used in RPC communications with the CA RPC Server (Catirpc.exe). This leads to a condition where a null memory pointer is dereferenced. This appears to be only a DoS, but please prove me otherwise. This was tested on BrightStor ARCserve Backup 11.5.2.0 (SP2).
The vulnerability allows an attacker to include a remote file in the application's code, potentially leading to remote code execution.
This vulnerability allows an attacker to include a remote file in the MyNews application, potentially leading to remote code execution. The vulnerability is located in the themefunc.php file, on line 2, where a file is required without proper validation.
The index2.php file in ACGVannu version 1.3 and below is vulnerable to a remote user password change. By sending a specially crafted request to index2.php with the 'id' parameter set to a specific user ID, an attacker can change the password of the targeted user.
The Plex Media Server '/system/proxy' functionality fails to properly validate pre-authentication user requests, allowing unauthenticated attackers to make the Plex Media Server execute arbitrary HTTP requests. By requesting content from 127.0.0.1, an attacker can bypass all authentication and execute commands with administrative privileges. Additionally, due to insufficient input validation, arbitrary local files can be disclosed, including files that contain passwords and other sensitive information.
This exploit allows an attacker to register a new user, retrieve database information, disclose the full path, get administrator login and password, upload a malicious picture, and create a hidden forum. It also includes a shell command execution capability.