An attacker can inject SQL code through the HTTP Accept-Language header in the query at line 799 of the lib.regset.php file. This can be used to inject PHP code into the Docebo web directory by using the INTO DUMPFILE statement, which requires FILE privilege.
A buffer overflow vulnerability exists in McAfee E-Business Server 8.5.2 due to improper bounds checking of user-supplied input. An attacker can exploit this vulnerability to cause a denial of service condition by sending a specially crafted packet to the server. This vulnerability is remotely exploitable.
The MaxDB server executes 'cons.exe DATABASE COMMAND' through system() when some special commands are called by the user. Some of these special commands are 'show' and 'exec_sdbinfo' and this last one is just one of the small amount of commands which can be executed by the unauthenticated users before logging in. The usage of system() for executing the cons program allows an external unauthenticated attacker to execute any command he wants on the target SAP MaxDB server simply passing the '&&' or other patterns for the execution of multiple commands in the shell.
Tuned Studios Templates has Local File Include vulnerability in page phpversion/index.php. An example exploit is http://[server]/[installdir]/index.php?page=../../../../../../../[file]%00
It is possible, using the "SaveFile()" method, to save the content of the rich textbox on a user's pc. This can be used to save, overwrite and/or corrupt arbitrary files on the system.
Using the 'DoCmd()' function, an attacker can run applications passed as argument.
The exploit works only if the function system(); is enabled on the server. An attacker can access the backup_phpwebquest.php file which will return a message with the database credentials.
osData is a php dating script that is vulnerable to a local file include vulnerability. This vulnerability is due to the lack of proper sanitization of user-supplied input to the 'php121dir' parameter in the 'php121db.php' script. An attacker can exploit this vulnerability to include arbitrary files from the local system and execute arbitrary code.
This exploit is used to gain access to the user credentials of a vulnerable PHP Webquest 2.6 application. The vulnerability lies in the soporte_horizontal_w.php file, where the application is not properly sanitizing user input. An attacker can exploit this vulnerability by sending a malicious SQL query to the application, which will return the user credentials.
A buffer overflow vulnerability exists in Windows Media Player when processing a specially crafted SMIL file. An attacker can exploit this vulnerability to execute arbitrary code in the context of the user running the application. This vulnerability is due to a boundary error when processing a specially crafted SMIL file. By sending a specially crafted SMIL file, an attacker can cause a stack-based buffer overflow, resulting in the execution of arbitrary code.
Services By CQR