
Explore Vulnerabilities


Explore all Exploits:

OsCommerce/Creloaded tell a friend authentication bypass

When /tell_a_friend.php is called directly, the user is redirected to /product_info.php?products_id=0, where an access denied message is displayed. However, by providing a valid product id (e.g. /tell_a_friend.php?action=process&products_id=[Product_id]), a guest user can bypass the restriction and send unsolicited mails through the system.

SQL Injection in ReOS

The vulnerability exists because the "/index.php" script fails to properly sanitize user-supplied input in the "form1_ref_immo" variable, and the "/members.php" script fails to properly sanitize user-supplied input in the "form1_keyword" variable. An attacker can alter queries to the application SQL database, execute arbitrary queries to the database, compromise the application, access or modify sensitive data, or exploit various vulnerabilities in the underlying SQL database.

VLC media player Heap-based Memory-corruption Vulnerability

VLC media player is prone to a heap-based memory-corruption vulnerability. Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions. An attacker can exploit this issue by enticing an unsuspecting user to open a malicious media file containing malicious subtitles with the vulnerable application.

Multiple vulnerabilities on OemPro

Multiple vulnerabilities have been found in OemPro v3.6.4 and probably prior versions. Path disclosure vulnerability exists in cli_bounce.php. File upload vulnerability exists in fckeditor/editor/filemanager/upload/php/upload.php?Type=Media, which can be exploited to bypass any kind of restriction when uploading a media file. SQL Injections have been found in link.php, html_version.php and archive.php.

Islam Sound IV2 (details.php) Remote SQL Injection

The vulnerability exists due to insufficient sanitization of user-supplied input passed via the 'linkid' parameter to the '/details.php' script. A remote attacker can execute arbitrary SQL commands in the application's database, cause denial of service, access or modify sensitive data, exploit various vulnerabilities in the underlying SQL server software, etc.

FTPGetter v3.58.0.21 Buffer Overflow (PASV) Exploit

There was an error when sending a response to the PASV command. Fortunately, these errors lead to buffer overflows. This exploit is unstable. It should only be used as a POC. I tried several times on various systems; the buffer sometimes changed. This POC is using 'the most selling feature', Automated FTP Request. So for this POC, I use Auto Download with / as the Source Files. Scheduler Settings are also set to Repetitive. Make sure to run the program first before this POC.

android 1.x/2.x the real youdev feat. init local root exploit

This exploit is designed to be used with a modified superuser app which will use the su binary in /sqlite_stmt_journals/. It is important that the original exploid binary is deleted because, otherwise, any application can gain root. The exploit requires the /etc/firmware directory, i.e. it will run on real devices and not inside the emulator.

Zikula CMS 1.2.4 <= Cross Site Request Forgery (CSRF) Vulnerability

Zikula CMS 1.2.4 and lower versions contain a flaw that allows a remote Cross-Site Request Forgery (CSRF / XSRF) attack. The flaw exists because the application does not require multiple steps or explicit confirmation for sensitive transactions for the majority of administrator functions, such as adding a new user or assigning a user administrative privileges. By using a crafted URL, an attacker may trick the victim into visiting the attacker's web page to take advantage of the trust relationship between the authenticated victim and the application. Such an attack could trick the victim into executing arbitrary commands in the context of their session with the application, without further prompting or verification.

Terminal Server Client .rdp DoS

This exploit is a denial of service attack against the Terminal Server Client. It involves creating a malicious .rdp file which, when opened, causes the Terminal Server Client to crash. The malicious .rdp file contains a buffer of 500 'A' characters, which causes the crash.

Recent Exploits: