The vulnerability exists in the '/yourauctions_p.php' file of the WeBid auction script package. The code snippet starting from line 29 allows an attacker to perform blind SQL injection by manipulating the '$_POST['startnow']' parameter. This can lead to unauthorized access to the database or disclosure of sensitive information. Additionally, the code snippet does not properly sanitize user input, which could result in local file disclosure.
This exploit allows an attacker to perform SQL injection on the Craigslist Clone Gold script. By manipulating the 'view' parameter in the URL, an attacker can execute arbitrary SQL queries and retrieve sensitive information from the database. The specific payload used in the exploit is '-1 union select concat(email,0x3a,code) from clf_ads--'.
This is a proof-of-concept exploit for an unknown vulnerability in Office 2003 that allows for control of the ecx register. The exploit is triggered by executing the provided code.
A remote denial of service vulnerability affects Spinworks Application Server. This issue is due to a failure of the application to properly handle malformed requests. An attacker may leverage this issue to trigger a denial of service condition in the affected software.
A remote buffer overflow vulnerability affects Working Resources BadBlue. An attacker may leverage this issue to execute arbitrary code with the privileges of the affected Web server, facilitating a SYSTEM level compromise.
A remote buffer overflow vulnerability affects Working Resources BadBlue. This issue is due to a failure of the application to securely copy GET request parameters into finite process buffers. An attacker may leverage this issue to execute arbitrary code with the privileges of the affected Web server, facilitating a SYSTEM level compromise.
Multiple vulnerabilities have been found in D-Link IP cameras that could allow an unauthenticated remote attacker to execute arbitrary commands, access the video stream via HTTP and RTSP, and bypass RTSP authentication using hard-coded credentials.
A vulnerability has been identified in the handling of certain types of requests by Xinkaa WEB Station. Because of this, it is possible for an attacker to gain access to potentially sensitive system files.
An attacker can exploit an authentication bypass vulnerability in CitrusDB by using a static value during the creation of user cookie information. This allows the attacker to log in as any existing user, including the 'admin' account.
APCUPSD has a world-writeable PID file, which allows an attacker to kill another process and create a denial of service against any running daemon. This can be done by stopping apcupsd or killing it using its PID.