PicMe v2.1.0 contains an unrestricted file upload vulnerability. An attacker can submit a malicious file (for example a web shell) to the upload page; the file is stored under the 'uploads' directory, from where the attacker can request it directly and execute arbitrary code on the server.
I-RATER Basic allows an authenticated user to upload a web shell to the server. After registering an account on the site, the attacker uploads the shell through the 'poza.php' page and can then execute commands on the host. The flaw is platform-independent and affects installations on both Windows and Linux.
iDevAffiliate v4.0 exposes its backup directory to remote users. An attacker who browses to that directory can download the backup files and obtain the application's data.
Quick Player v1.2 is vulnerable to a buffer overflow caused by improper bounds checking of user-supplied input. An attacker can exploit it by supplying a specially crafted M3U playlist file to the application, which can lead to arbitrary code execution. The exploit was developed by the Corelan Security Team and was tested on Windows XP SP3.
The application stores its Microsoft Access database file, 'calendar.mdb', under the web-accessible '/datastores/' directory. A remote attacker who requests the file directly can download the entire database and read or modify its contents offline, gaining access to all of the application's stored data. (The file is a database, not a request parameter, so this is a database disclosure issue rather than SQL injection; no injection vector is described.)
ezguestbook ships its Microsoft Access database file, 'gstbk.mdb', in a location reachable through the web server. A remote attacker can request the file with a crafted HTTP request, download it, and read the guestbook data it contains. The original report classifies this as SQL injection, but the description gives a downloadable database file rather than an injectable parameter, so database disclosure is the accurate classification.
WEB Calendar stores its 'calendar35.mdb' database in a web-accessible location. A remote attacker can download the file directly and read the sensitive information it contains.
The My Book World Edition NAS is affected by remote command execution, a web server misconfiguration, information disclosure, and cross-site scripting (XSS). Remote command execution: the value entered in the NTP TIME SERVER field on the e_datetime.php and system_general.php pages is passed to a system command without validation, so a malicious value can inject additional shell commands. Web server misconfiguration: the web server runs with root privileges, so any injected command also executes as root. Information disclosure: browsing to the express.php page reveals internal information. XSS: the ?lang= parameter of multiple pages is reflected without encoding, allowing injected script.
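The command injection above is the classic pattern of splicing a form field into a shell command line. The following is an added example (not code from the NAS firmware, whose actual handling of the field is not known) showing the vulnerable construction beside a hardened one: the hostname allowlist and the ntpdate command name are assumptions chosen for the illustration.

```python
import re

# Shell metacharacters that let an injected value terminate or chain commands.
SHELL_METACHARS = set(";|&`$()<>\n")

# Hostname grammar (RFC 1123 labels, dot-separated). The allowlist is an
# assumption for this example; what the device validates, if anything, is unknown.
HOSTNAME_RE = re.compile(
    r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*$"
)


def build_ntp_command_unsafe(server):
    """Vulnerable pattern: the form value is concatenated into a shell command
    line. The string is returned rather than executed so it can be inspected."""
    return "ntpdate " + server


def injected_commands(command_line):
    """True if the command line contains metacharacters that a shell would
    interpret, i.e. the value has broken out of the intended argument."""
    return any(ch in SHELL_METACHARS for ch in command_line)


def build_ntp_command_safe(server):
    """Hardened pattern: reject anything that is not a hostname, then return an
    argv list. Passing the list to subprocess.run() means no shell ever parses
    the value, so metacharacters are inert even if validation were weaker."""
    if len(server) > 253 or not HOSTNAME_RE.match(server):
        raise ValueError("rejected NTP server value: %r" % server)
    return ["ntpdate", server]


def accepts(server):
    """Convenience wrapper: does the hardened builder accept this value?"""
    try:
        build_ntp_command_safe(server)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample inputs: a legitimate hostname and an injection payload.
    for value in ["pool.ntp.org", "pool.ntp.org; id", "$(reboot)"]:
        unsafe = build_ntp_command_unsafe(value)
        print("%-20r unsafe=%-30r injected=%s accepted=%s"
              % (value, unsafe, injected_commands(unsafe), accepts(value)))
```

On a device whose web server runs as root, the argv-list form matters as much as the validation: even a value that slips past the regex cannot spawn a second process when no shell is involved.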
A vulnerability in Microsoft Internet Information Services (IIS) can be exploited to bypass certain security restrictions and compromise a vulnerable system. The web server incorrectly executes, for example, ASP code contained in a file whose name holds multiple extensions separated by ';' when the first extension is '.asp' (e.g. 'file.asp;.jpg'). A third-party application that restricts uploads by checking only the final extension will accept such a name as an image, after which IIS executes the uploaded file as ASP code.
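The bypass works because the upload filter and the web server disagree about which extension counts. The following added example (not IIS code or any particular application's code) models both sides: a naive last-extension check that accepts 'file.asp;.jpg', a model of the IIS mapping the advisory describes, and a hardened check that rejects separator characters and requires every extension segment to be allowed. The allowed-extension set and the server-generated storage name are assumptions chosen for the illustration.

```python
import os
import secrets

# Allowlist is an assumption for the example; a real application would use its own.
ALLOWED_EXTENSIONS = {"jpg", "jpeg", "png", "gif"}


def naive_extension_check(filename):
    """The bypassable check: only the text after the final dot is examined,
    so 'file.asp;.jpg' looks like a JPEG."""
    if "." not in filename:
        return False
    return filename.rsplit(".", 1)[-1].lower() in ALLOWED_EXTENSIONS


def iis_executes_as(filename):
    """Model of the IIS behaviour the advisory describes: the handler is chosen
    from the extension of the name segment before the first ';'."""
    first_segment = filename.split(";", 1)[0]
    if "." not in first_segment:
        return ""
    return first_segment.rsplit(".", 1)[-1].lower()


def hardened_extension_check(filename):
    """Accept only a plain basename with no path or separator characters, at
    least one extension, and every dot-separated extension on the allowlist.
    Checking every segment also defends against multi-extension handling on
    other servers (e.g. 'shell.php.jpg')."""
    base = os.path.basename(filename)
    if not base or base != filename or base.startswith("."):
        return False
    if any(ch in base for ch in ";:\\/\x00"):
        return False
    parts = base.split(".")
    if len(parts) < 2:
        return False
    return all(part.lower() in ALLOWED_EXTENSIONS for part in parts[1:])


def safe_stored_name(filename):
    """Belt and braces: store the file under a server-chosen name so the client
    never controls what the web server sees on disk."""
    if not hardened_extension_check(filename):
        raise ValueError("rejected upload name: %r" % filename)
    return secrets.token_hex(8) + "." + filename.rsplit(".", 1)[-1].lower()


if __name__ == "__main__":
    # Constructed sample names, including the advisory's bypass string.
    for name in ["photo.jpg", "file.asp;.jpg", "shell.php.jpg", "../photo.jpg"]:
        print("%-16r naive=%-5s iis_runs_as=%-4r hardened=%s"
              % (name, naive_extension_check(name), iis_executes_as(name),
                 hardened_extension_check(name)))
```

The combination matters: the hardened check closes the ';' trick, and renaming on storage means that even a future parsing quirk in the web server cannot be reached through an attacker-chosen filename.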
A vulnerability in the com_kkcontent component for Joomla allows an attacker to obtain the administrator's login credentials. The component fails to filter special characters in user-supplied input, and an attacker can leverage the unfiltered input to extract the credentials.