Explore Vulnerabilities

Explore all Exploits:

dreamnews (rss) Remote SQL Injection Vulnerability

dreamnews (rss) is prone to a remote SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this issue to manipulate SQL queries by injecting arbitrary SQL code. This may allow the attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.

PICS BUILDER (page) SQL Injection Vulnerability

An attacker can exploit this vulnerability by sending a crafted SQL query to the vulnerable page parameter. This can be done by appending a malicious SQL query to the vulnerable page parameter in the URL. For example, www.[target].com/Script/?page=-2+union+select+null,null,null,null,concat_ws(0x3a,user_login,user_password),null,null,null+from+users--

AuraCMS <= 2.2.2 (pages_data.php) Arbitrary Edit/Add/Delete data halaman exploit

AuraCMS version 2.2.2 and below is vulnerable to arbitrary editing, adding, and deleting of page data ("data halaman"). From beginning to end, the pages_data.php file has no clear rule on who may access it, or with what rights or level. The file contains code that can delete, add, and edit page data in the auracms database, so without a clear rule in pages_data.php, this file must have a very disgusting bug.... huee..... :(

Download Accelerator Plus – DAP 8.x (m3u) 0day Local Buffer Overflow Exploit

This exploit is for Download Accelerator Plus 8.x (m3u) 0day Local Buffer Overflow. The bug was discovered by Krystian Kloskowski (h07) and tested on Download Accelerator Plus 8.6 / XP SP2 Polish. The exploit uses a Windows Execute Command (calc) shellcode and the return address is JMP ESP (SHELL32.DLL / XP SP2 Polish). The exploit creates an evil.m3u file which can be imported and clicked on 'Verify' to execute the shellcode.

Last Minute Script <= 4.0 Remote SQL Injection Vulnerability

Last Minute Script 4.0 (and all prior versions) suffers from a multirow SQL injection flaw. This allows a remote attacker to execute arbitrary MySQL queries and possibly gain access to confidential information. Passwords are in plaintext.

Joomla Component com_content SQL Injection Vulnerability

An SQL injection vulnerability exists in the com_content component of Joomla! CMS. An attacker can send a specially crafted request to the vulnerable application in order to execute arbitrary SQL commands in the application's database. This can be exploited to disclose sensitive information from the database, modify data, compromise the integrity of data, and potentially compromise the underlying system.

Recent Exploits: