Explore Vulnerabilities

Explore all Exploits:

Add a link <= 4 - beta || Remote SQL Injection Vulnerability

The Add a link script, version <= 4 - beta, is vulnerable to remote SQL injection. The `$category_id` variable is not validated, allowing an attacker to inject arbitrary SQL queries. This can be exploited to read sensitive information from the database, such as user credentials.

E-Php Content Management System

An attacker can exploit this vulnerability by sending a crafted HTTP request containing malicious SQL statements to the vulnerable application. This can allow the attacker to gain access to sensitive information stored in the database, modify data, or even execute system-level commands.

X10media Mp3 Search Engine v1.5.5 Remote File Inclusion Vulnerability

X10media Mp3 Search Engine v1.5.5 is vulnerable to a remote file inclusion vulnerability. This vulnerability is due to the application not properly sanitizing user-supplied input in the 'web_root' parameter of the 'includes/function_core.php' and 'templates/layout_lyrics.php' scripts. An attacker can exploit this vulnerability by supplying a malicious URL in the 'web_root' parameter. This can allow the attacker to execute arbitrary code on the vulnerable system.

Technote 7 Remote File Inclusion

The vulnerability exists due to insufficient sanitization of user-supplied input in the 'shop_this_skin_path' parameter of the 'twindow_notice.php' script. A remote attacker can send a specially crafted HTTP request with malicious code in the 'shop_this_skin_path' parameter and execute arbitrary PHP code on the vulnerable system.

Cisco Router HTTP Administration CSRF Remote Command Execution Universal Exploit #2

This exploit allows an attacker to execute arbitrary commands on a vulnerable Cisco router via a CSRF attack. The attacker must first embed the exploit code in a web page and then hope for the best. Cisco admins using Safari are the best targets for this exploit.

Cisco Router HTTP Administration CSRF Remote Command Execution Universal Exploit #1

This exploit allows an attacker to execute arbitrary commands on a vulnerable Cisco router via a CSRF attack. The attacker must first embed the exploit code in a web page and then hope for the best. Cisco admins using Safari are the best targets for this exploit.

phpRealty <= 0.03 (INC) Remote File Inclusion Vulnerability

phpRealty is prone to a remote file-inclusion vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary PHP code within the context of the vulnerable application. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.

Exploit for Postfix 2.4 before 2.4.9, 2.5 before 2.5.5, and 2.6 before 2.6-20080902

This proof of concept creates a pipe and adds it to Postfix's epoll file descriptor. Once the pipe is added, an endless loop delivers a large number of events to the local and master Postfix processes. This slows the system down considerably.