Explore Vulnerabilities

Explore all Exploits:

ScadaTEC ModbusTagServer & ScadaPhone (.zip) buffer overflow exploit (0day)

This exploit targets ScadaTEC ModbusTagServer and ScadaPhone software. It triggers a buffer overflow vulnerability when loading a project from a zip file. The ScadaPhone exploit bypasses DEP on Windows XP SP3, while the ModbusTagServer exploit does not. The vulnerability affects ScadaPhone versions up to 5.3.11.1230 and ModbusTagServer versions up to 4.1.1.81. The exploit has been tested on Windows XP SP3 with NX enabled.

WordPress Eventify – Simple Events plugin <= 1.7.f SQL Injection Vulnerability

The WordPress Eventify - Simple Events plugin version 1.7.f and below is vulnerable to SQL Injection. By sending a specially crafted POST request to the fetcheventdetails.php file, an attacker can execute arbitrary SQL queries on the database.

WordPress KNR Author List Widget plugin <= 2.0.0 SQL Injection Vulnerability

The WordPress KNR Author List Widget plugin version 2.0.0 is vulnerable to SQL Injection. An attacker can exploit this vulnerability by sending a crafted request to the knrAuthorListCustomSortSave.php file, allowing them to execute arbitrary SQL commands on the underlying database.

TOWeb V3 Local Format String DOS Exploit (TOWeb.MO file corruption)

This exploit creates a corrupt TOWeb.MO file that triggers a local format string denial-of-service (DoS) vulnerability. When the application processes the specially crafted input, TOWeb can crash or become unresponsive.

ZipX for Windows v1.71 ZIP File Buffer Overflow Exploit

The exploit takes advantage of a buffer overflow vulnerability in the ZipX for Windows v1.71 software. By creating a specially crafted ZIP file, an attacker can trigger the buffer overflow and execute arbitrary code on the target system. The exploit has been tested on Windows XP SP3 Brazilian Portuguese.

WordPress VideoWhisper Video Presentation plugin <= 1.1 SQL Injection Vulnerability

The WordPress VideoWhisper Video Presentation plugin version 1.1 is vulnerable to SQL Injection. The 's' parameter in the 'c_status.php' file is not properly sanitized, allowing an attacker to inject malicious SQL code. By exploiting this vulnerability, an attacker can execute arbitrary SQL queries, potentially gaining unauthorized access to the database.

Recent Exploits: