A vulnerability in the Peugeot Music Plugin for Wordpress allows an attacker to upload arbitrary files to the server. This is due to the lack of proper validation of the uploaded file. An attacker can exploit this vulnerability by sending a malicious file to the upload.php page via a POST request. The malicious file will then be uploaded to the server and can be accessed via the uploads directory.
An attacker can download a file containing critical information about the destination address by accessing the URL https://TargetIp/web_caps/webCapsConfig
Attacker can bypass admin panel authentication by entering Username as ' OR 0=0 # and any Password.
eWallet - Online Payment Gateway 2 suffers from csrf vulnerability. Attacker can send target account balance to his account.
PHP Dashboards is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
PHP Dashboards is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
PHP Dashboards is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
A malformed OMACP WAP push message can cause memory corruption on a Samsung S7 Edge device when processing the String Extension portion of the WbXml payload. This is due to an integer overflow in memory allocation for this string. While OMACP WAP pushes require authentication, the entire WbXml payload of a push is parsed to extract the credentials, so this bug occurs pre-authentication.
Shipping System CMS 1.0 is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. An attacker can send a specially crafted HTTP request containing malicious SQL statements to the vulnerable application and execute arbitrary SQL commands in the back-end database.
This exploit sends a malicious packet to the target system, which causes a denial of service. The malicious packet is sent to port 5000000.
Services By CQR