The search variable in 'search.php' is not sanitized before the database query, allowing an attacker to alter the SQL query and gain remote access to the server running the infusion.
A cross-site request forgery vulnerability in dotProject 2.1.5 can be exploited to create a new admin.
This exploit targets a local privilege escalation vulnerability in DESlock+ version 4.1.10 and below. It allows an attacker to gain SYSTEM privileges by exploiting a vulnerability in the vdlptokn.sys driver. The exploit works by switching the tokens of the SYSTEM process and the current process, allowing the current process to gain SYSTEM privileges.
A cross-site request forgery vulnerability in AIOCP (All In One Control Panel) 1.4.001 can be exploited to create a new admin.
Model Agentur Script is vulnerable to SQL Injection. An attacker can exploit this vulnerability by sending a crafted HTTP request with a malicious SQL query to the vulnerable application. This can allow the attacker to gain access to sensitive information from the database.
A buffer overflow vulnerability exists in the AoA Mp4 converter v4.1.0 ActiveX control which allows a remote attacker to execute arbitrary code on the vulnerable system. The vulnerability is due to a boundary error when handling specially crafted arguments passed to the InitLicenKeys() method of the vulnerable ActiveX control. An attacker can exploit this vulnerability by enticing a user to visit a malicious web page containing specially crafted HTML code that triggers the overflow.
A buffer overflow vulnerability exists in the AoA DVD Creator V2.5 ActiveX control due to improper bounds checking of user-supplied input. An attacker can exploit this vulnerability by sending a specially crafted request to the vulnerable application. This can result in arbitrary code execution in the context of the application.
A vulnerability in SWFUpload v2.5.0 Beta 3 allows an attacker to upload arbitrary files with a php extension. This can be exploited to execute arbitrary PHP code by accessing the uploaded file via a web browser.
MyMarket version 1.71 is vulnerable to SQL Injection. An attacker can inject malicious SQL code into the 'id' parameter of the 'index.php' page of the application. This can be exploited to gain access to the database and potentially to sensitive information.
ProFTPD is vulnerable to an integer overflow in the mod_sftp module. This vulnerability can be triggered by sending a specially crafted SSH2_FXP_INIT packet with an overly large 'version' field. This can lead to a denial of service or potentially arbitrary code execution.