This exploit allows an attacker to change the admin username and password and add a new admin user in AdaptCMS Lite version 1.5. The attacker can modify the values in the HTML form to specify the new username, password, email, and level of the admin user.
Leaftec CMS is vulnerable to SQL Injection and XSS/HTML Code Injection. The SQL Injection vulnerability can be exploited by manipulating the 'id' parameter in the 'article.php' file. The XSS/HTML Code Injection vulnerability allows an attacker to inject malicious HTML or JavaScript code, which is then executed on the website. Examples of both vulnerabilities are provided in the text.
This vulnerability allows an attacker to include remote files on the target server. The vulnerability exists in the DaFun Spirit 2.2.5 script. By manipulating the 'lgsl_path' parameter in lgsl_protocol.php, an attacker can include arbitrary files from a remote server. This can lead to remote code execution or information disclosure on the target server.
This exploit allows an attacker to execute arbitrary code on a vulnerable SAP MaxDB server by sending a specially crafted handshake request. The vulnerability is caused by a buffer overflow in the server's handling of handshake requests, allowing an attacker to overwrite the return address and execute arbitrary code.
The Direct News 4.10.2 script is vulnerable to multiple remote file inclusion vulnerabilities. The affected files include 'menu.php', 'update_content.php', 'class.backup.php', and 'lib.menu.php'. These vulnerabilities allow an attacker to include arbitrary remote files by manipulating the 'rootpath' or 'adminroot' parameters. This can lead to remote code execution and compromise the security of the application.
Multiple Lexmark Laser Printers contain remote buffer overflow vulnerabilities in their PJL processing functions.
The Joomla component com_universal (UWCMS Universal Web CMS) version 1.0.0 is vulnerable to remote file inclusion. The vulnerability is present in the 'config.html.php' file, where the 'mosConfig_absolute_path' parameter is not properly validated before being used in a require_once() function. An attacker can exploit this vulnerability by injecting a malicious URL in the 'mosConfig_absolute_path' parameter, allowing them to include and execute arbitrary files on the server.
This PoC executes the calc.exe software on the remote system. The bug was discovered by Luigi Auriemma (www.aluigi.org).
The Joomla component com_jwmmxtd has a vulnerability that allows remote file inclusion. The vulnerability is present in the admin.jwmmxtd.php file, where the mosConfig_absolute_path parameter is not properly sanitized, allowing an attacker to include arbitrary files from the server.
This exploit can crash FreeSSHD 1.2.4 on an SSH2 connection by using a malformed string in the SSH Key Exchange Init (Key Exchange Init corruption).