PHPMoAdmin is a MongoDB administration tool for PHP built on a stripped-down version of the Vork high-performance framework. An attacker can exploit this vulnerability by sending a malicious POST request to the moadmin.php file with a crafted payload. This will allow the attacker to execute arbitrary code on the vulnerable system.
The WordPress cp-multi-view-calendar plugin version 1.1.4 is vulnerable to SQL Injection. An unauthenticated user can exploit the vulnerability by sending a malicious payload to the vulnerable parameters in the URL. An authenticated user can exploit the vulnerability by sending a malicious payload to the vulnerable parameters in the POST request. The vulnerability can be exploited to gain access to the database and execute arbitrary code.
Attacker can do a remote injection in site URL to get some sensitive information. Almost all versions are infected by this vulnerability.
Sagem Fast is an ADSL Router using a web management interface in order to change configuration settings. The router is Sagem Fast is an ADSL Router using a web management interface in order to change configuration settings. The web server of the router is vulnerable to directory traversal which allows reading files by sending encoded '../' requests.
GoAutoDial CE 2.0 is vulnerable to a remote code execution vulnerability. An attacker can exploit this vulnerability by sending a malicious HTTP request to the vulnerable server. This request contains a malicious command which is executed on the server. This can be used to upload a malicious shell on the server.
There are sql injection vulnerabilities in Calculated Fields Form Plugin which could allow the attacker to execute sql queries into database. These queries are execute without any csrf protection, The attacker can use this csrf vulnerability to execute queries in the sql by sending malicious page to the logged in admin. Attacker can use this vulnerabilities to update admin password.
VFU 4.10 (probably up to 4.14) contains a buffer overflow when a user moves a file entry around with a large filename. To trigger this vulnerability, extensive user interaction is required. Steps to reproduce the bug: create a file with a large (>115 characters), run VFU and select 'A' and then 'V' to move the large file entry around. Upon confirming the entry move, VFU crashes due to a buffer overflow in this function. This overflow allows execution of arbitrary commands with the privilege of the current user.
Seagate Business NAS pre-authentication remote code execution exploit as root user. It exploits a vulnerability in the authentication process of the NAS device, allowing an attacker to gain root access to the device. The exploit works by sending a specially crafted request to the authentication page of the NAS device, which contains a malicious payload that is then executed on the device.
Using a crafted input (e.g. from a malicious file via “-init” parameter or directly given to the std input of the program) it is possible to trigger a memory corruption vulnerability in the most recent version of SQLite3. The memory corruption could be controlled, therefore the program flow could be manipulated by the attacker.
Uplay for PC suffers from an elevation of privileges vulnerability which can be used by a simple user that can change the executable file with a binary of choice. The vulnerability exist due to the improper permissions, with the 'F' flag (Full) for 'Users' group, making the entire directory 'Ubisoft Game Launcher' and its files and sub-dirs world-writable.
Services By CQR