Explore Vulnerabilities

Explore all Exploits:

Joomla com_books(book_id) SQL injection Vulnerability

A vulnerability in the Joomla com_books component allows an attacker to inject arbitrary SQL commands via the book_id parameter. An attacker can exploit this vulnerability to gain access to sensitive information stored in the database, such as usernames and passwords. The vulnerability is caused by insufficient sanitization of user-supplied input.

Own() Function Exploit

This exploit is related to the own() function in the code. The own() function is vulnerable to a buffer overflow attack due to the lack of proper input validation. The attacker can send a malicious payload to the own() function which can cause a buffer overflow and lead to arbitrary code execution. This exploit is related to CVE-2020-12345.

Buffer overflows in smcFanControl 2.1.2 for OSX

smcFanControl is very popular software installed on most MacBooks. A buffer overflow vulnerability exists in the smc binary due to the lack of proper input validation when handling the '-k' option. As the binary is installed with suid root, a local user can gain root privileges.

PHP Store Real Estate Remote File Upload

A vulnerability exists in PHP Store Real Estate that allows an attacker to upload a malicious file to the server. An attacker can register on the site and add malicious code to the head of a shell file. The attacker can then log in to the site and edit their profile, uploading the malicious shell file. The shell file will be stored at the path localhost/script/re_images/[ID]_logo_your_shell.php.

PHPStore Job Search Remote File Upload

A vulnerability in the PHPStore Job Search script allows an attacker to upload a malicious file to the server. The malicious file can be uploaded by adding the code 'GIF89a;' to the beginning of the file and then uploading it as a profile photo. The attacker can then access the malicious file by accessing the jobseeker_profile_images directory.

PHP Store Auto Classifieds Remote File Upload

A vulnerability exists in PHP Store Auto Classifieds that allows an attacker to upload a malicious file to the server. An attacker can register on the site and add malicious code to the head of a shell file. The attacker can then log in to the site and edit their profile to upload the shell file. The shell file will be uploaded to the server at a path such as localhost/script/cars_images/[ID]_logo_your_shell.php.

AJ Article Auth Bypass Vulnerability

AJ Article is vulnerable to an authentication bypass. This vulnerability allows an attacker to access the administrative panel of the AJ Article application without authentication. The vulnerable pages include user.php, articles.php, articlesuspend.php, site.php, statistics.php, mail.php, category.php, subcategory.php, changepassword.php, polling.php, logo.php, etc. An attacker can exploit this vulnerability by accessing the vulnerable pages directly.

Recent Exploits: