There is a SQL injection vulnerability in the thanks.php file of Nexusphp v1.5. The vulnerability is caused by not checking the $_POST['id'] parameter, allowing an attacker to perform an SQL injection attack. An attacker can exploit this vulnerability by using the payload _POST[id] : -1 union select version()>4/*
This is a race condition exploit for the CVE-2011-1485 vulnerability in the pkexec utility. The exploit allows an attacker to gain root privileges on a Linux system. The exploit code is written in C and uses the fork() function to create multiple processes.
This exploit bypasses Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) in BlazeVideo HDTV Player 6.6 Professional. It allows an attacker to execute arbitrary code on a vulnerable system. The exploit takes advantage of a buffer overflow vulnerability in the software.
Google Chrome suffers from a memory corruption vulnerability that occurs in the manipulation of PDF files. The failure occurs when the browser opens an HTML file that contains multiple <IFRAME> tags pointing to a PDF file. The memory corruption flaw allows code to run within the sandbox.
Photoshop Elements 8 suffers from a buffer overflow vulnerability when dealing with .ABR (brushes) and .GRD (gradients) format files. The application fails to sanitize user input, resulting in memory corruption that overwrites several memory registers, which can help an attacker execute arbitrary code on the affected system or cause a denial of service.
The MARINET CMS room.php script is vulnerable to Blind SQL Injection. An attacker can exploit this vulnerability by manipulating the 'rid' parameter in the URL to inject SQL statements, potentially gaining unauthorized access to the database.
Proof-of-concept crash for the FreeBSD Unix domain sockets heap overflow. This was tested on FreeBSD 8.2-RELEASE. This PoC will usually result in a kernel panic with a read access violation at 0x616161XX but sometimes the kernel will not crash straight away (particularly if you shorten the length of 'sun_path' -- try 140 bytes), and your uid (see output of `id`) may have been modified to the decimal equivalent of 0x61616161 during the heap smash.
The WordPress WP Bannerize plugin version 2.8.7 is vulnerable to SQL Injection. An attacker can exploit this vulnerability by sending malicious POST data to the ajax_sorter.php file, allowing them to execute arbitrary SQL queries.
The driver 'nprosec.sys' in Norman Security Suite 8 is vulnerable to a kernel pointer dereference. An attacker with local access to the machine can exploit this vulnerability to escalate from a limited account to SYSTEM privileges.
This vulnerability allows an attacker to inject SQL queries into the WordPress Mingle Forum plugin version 1.0.31. By manipulating the POST data, an attacker can execute arbitrary SQL queries, potentially leading to unauthorized access or data leakage.