ArticleSetup Multiple Persistence Cross-Site Scripting and SQL Injection Vulnerabilities. i) Input passed via the 'userid' and 'password' parameter in '/upload/login.php' page is not properly verified before being used in an SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL queries. ii) Input passed via the 'userid' and 'password' parameter in '/upload/admin/login.php' page is not properly verified before being used in an SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL queries.iii) Input passed via the 'cat' parameter in 'upload/feed.php' page is not properly verified before being used in an SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL queries. iV) Input passed via the 's' parameter in 'upload/search.php' page is not properly verified before being used in an SQL query.
The Coppermine web picture gallery script version 1.5.18 is affected by multiple vulnerabilities. The first vulnerability is a stored cross-site scripting (XSS) in the picture keywords feature. This vulnerability allows an attacker with appropriate privileges to insert malicious code in the keywords field, which is later displayed in the HTML meta section, leading to XSS attacks. The second vulnerability is a path disclosure vulnerability in the "visible" feature of the software. This vulnerability allows an attacker to disclose sensitive information about the file structure of the server.
This exploit allows an attacker to escalate their privileges on a Pixelpost installation. The vulnerability exists in the index.php file near lines 670-680, where an SQL injection can be performed. By manipulating the 'category' parameter, an attacker can execute arbitrary SQL commands and potentially gain administrative access to the application.
The UltraMJCam ActiveX control in the TRENDnet SecurView TV-IP121WN Wireless Internet Camera allows remote attackers to execute arbitrary code via a long argument to the OpenFileDlg method, which triggers a stack-based buffer overflow.
By invoking the Add() method is possible to call inside a memory region of choice set by the attacker through ex. heap spray or other techniques.
The D-Link SecuriCam DCS-5605 Network Surveillance ActiveX Control, specifically the DcsCliCtrl.dll, is vulnerable to a remote buffer overflow due to an unsafe lstrcpyW() call. This vulnerability can be exploited by an attacker to execute arbitrary code on a target system.
The Quest InTrust 10.4.x ReportTree and SimpleTree classes in ArDoc.dll ActiveX Control allow arbitrary file creation and overwrite through the SaveToFile method. This vulnerability can be exploited to remotely execute code if the attacker can control the file content.
This module exploits a buffer overflow in UltraVNC Viewer 1.0.2 Release. If a malicious server responds to a client connection indicating a minor protocol version of 14 or 16, a 32-bit integer is subsequently read from the TCP stream by the client and directly provided as the trusted size for further reading from the TCP stream into a 1024-byte character array on the stack.
The SetSource() method in the PlayerPT ActiveX Control Module is vulnerable to a buffer overflow. This can be exploited by an attacker to execute arbitrary code or cause a denial of service condition.
By crafting a link a remote user can inject custom command line parameters.
Services By CQR
