An attacker can exploit this vulnerability by sending a specially crafted SQL query to the vulnerable application. This can allow the attacker to gain access to sensitive information such as usernames and passwords stored in the back-end database.
This exploit allows an attacker to dump all users from a vulnerable XPOZE Pro version 3.05 website. The attacker can also get the admin details by entering a valid username and password. The exploit uses a POST request to log in and then a GET request to dump the users.
This exploit targets a local privilege escalation vulnerability in SCO UnixWare Merge mcd. It allows a local user to gain root privileges through a symlink vulnerability in the Merge mcd program. The exploit creates a symlink to a device file, which is then used to execute a malicious binary with root privileges.
This exploit targets a local privilege escalation vulnerability in SCO UnixWare Reliant HA. It allows a local user to gain root privileges through a symlink vulnerability in the hvdisp and rcvm binaries. The exploit creates a symlink to the current process's a.out file in the bin directory, and then sets the RELIANT_PATH environment variable to the current working directory. This allows the exploit to execute the hvdisp or rcvm binary with root privileges.
This exploit is for SCO UnixWare < 7.1.4 p534589. It uses the pkgadd command to create a symbolic link to /etc/default/su, which is then used to gain root privileges.
KwsPHP Module ConcoursPhoto contains a remote SQL injection vulnerability. The vulnerability is present in the 'C_ID' parameter of the 'index.php' script when 'mod' is set to 'ConcoursPhoto' and 'VIEW' is set to 'prix'. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable script. This can allow the attacker to gain access to the database and execute arbitrary SQL commands.
KwsPHP v1.3.456 is vulnerable to SQL injection. An attacker can exploit this vulnerability by sending malicious SQL queries to the application. This can allow the attacker to gain access to sensitive information stored in the database.
An attacker can exploit this vulnerability by sending a crafted HTTP request to the vulnerable application. The attacker can inject malicious SQL queries in the vulnerable parameter and execute arbitrary SQL commands in the back-end database.
Execution of arbitrary code is possible, but it annoys me at the moment.
PHP Block a8.4 contains a Remote File Inclusion vulnerability. This vulnerability allows an attacker to include a remote file, usually through a malicious URL, and execute it as if it were a local file. This vulnerability is due to the application not properly sanitizing user input supplied through the PATH_TO_CODE parameter. An attacker can exploit this vulnerability by crafting a malicious URL and sending it to an unsuspecting user.