This script is riddled with unsanitized REQUEST variables that allow multiple SQL injections. The PoC shows an example of an SQL injection attack. The vulnerable code is shown on line 150 of the discussion.php file.
This exploit takes advantage of a vulnerability in the member_menu_queries.php file of the Dolphin software version 7.0.7 or below. By manipulating the 'bubbles' parameter in the URL, an attacker can inject arbitrary PHP code into the server.
The Mozilla Firefox browser is vulnerable to an integer overflow in the Array.reduceRight() function. This vulnerability allows an attacker to bypass DEP (Data Execution Prevention) and ASLR (Address Space Layout Randomization) protections using a Java MSVCR71 sayonara ROP chain. The exploit has been tested on Windows 7 Ultimate with Firefox versions 3.6.16 and 3.6.17.
The exploit allows an attacker to perform SQL injection by modifying the POST request in the userbarsettings.php file.
myBB is a popular open source PHP forum software. Version 1.6.4 contained an unauthorized backdoor, distributed as part of the vendor's source package.
This module exploits an arbitrary command execution vulnerability in the nmap.php and nbtscan.php scripts.
There is a SQL injection vulnerability in the thanks.php file of Nexusphp v1.5. The vulnerability is caused by not checking the $_POST['id'] parameter, allowing an attacker to perform an SQL injection attack. An attacker can exploit this vulnerability by using the payload _POST[id] : -1 union select version()>4/*
This is a race condition exploit for the CVE-2011-1485 vulnerability in the pkexec utility. The exploit allows an attacker to gain root privileges on a Linux system. The exploit code is written in C and uses the fork() function to create multiple processes.
This exploit bypasses Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) in BlazeVideo HDTV Player 6.6 Professional. It allows an attacker to execute arbitrary code on a vulnerable system. The exploit takes advantage of a buffer overflow vulnerability in the software.
Google Chrome suffers from a memory corruption vulnerability that occurs in the manipulation of PDF files. The failure occurs when the browser opens an HTML file that contains multiple <IFRAME> tags pointing to a PDF file. It is a memory corruption flaw that allows code to run within the sandbox.