Explore Vulnerabilities

Explore all Exploits:

WordPress Plugins – Foxypress Shell Upload Vulnerability

This vulnerability allows an attacker to upload arbitrary files to the target system using the Foxypress plugin for WordPress. The exploit uses a specially crafted PHP file to upload a file named lo.php to the target system. The uploaded file can be used to execute arbitrary code on the target system.

WordPress Plugins – Google Maps via Store Locator Plus Multiple Vulnerability

The vulnerability allows an attacker to disclose sensitive information, send arbitrary emails, and perform blind SQL injection attacks. The attacker can access the website's configuration file, send emails with arbitrary content, and execute arbitrary SQL queries.

Membris v 2.0.1 Sql XSS & File Disclosure Vulnerabilities

The Membris v 2.0.1 application is vulnerable to SQL Injection, XSS, and File Disclosure vulnerabilities. The SQL Injection vulnerability can be exploited through the 'voir-actualites.php' page by manipulating the 'idn' parameter. The XSS vulnerability can be exploited through the 'search.php' page by manipulating the 'req' parameter. The File Disclosure vulnerability can be exploited through the 'admin/actions-plugin.php' page by manipulating the 'acces' parameter.

4PSA VoipNow Professional 2.5.3 Reflected XSS / CSRF (Add Reseller) Vulnerabilities

The vulnerabilities allow an attacker to perform a reflected cross-site scripting (XSS) attack and a cross-site request forgery (CSRF) attack. The XSS vulnerability can be exploited by injecting malicious code through the 'nsextt' parameter in the 'index.php' page. The CSRF vulnerability can be exploited by submitting a crafted form to the 'content.php?screen=resellers/edit_reseller' endpoint. Both vulnerabilities allow the attacker to execute arbitrary code or perform unauthorized actions on behalf of the victim.

Symantec Web Gateway 5.0.2.8 Command Execution Vulnerability

This module exploits a vulnerability found in Symantec Web Gateway's HTTP service. By injecting PHP code in the access log, it is possible to load it with a directory traversal flaw, which allows remote code execution under the context of 'apache'. Please note that it may take up to several minutes to retrieve access_log, which is about the amount of time required to see a shell back.

Jaow <= 2.4.5 Blind Sql Injection

A blind SQL injection vulnerability exists in the 2.4.5 core of Jaow. The vulnerable page is add_ons.php, where the add_ons variable is not properly sanitized before being used in an SQL query. An attacker can exploit this vulnerability by injecting malicious SQL code into the add_ons parameter. This can lead to unauthorized access to the database.

Recent Exploits: