Uploaderr is a file hosting script that is vulnerable to arbitrary file (shell) upload. An attacker can upload a malicious shell to the /uploads/ directory and gain access to the server. This vulnerability has a CVSS score of 9.3 and is assigned CVE-2020-12345.
Millenium MP3 Studio 2.0 contains a buffer overflow caused by improper bounds checking of user-supplied input. An attacker can exploit it by sending a specially crafted playlist file to the application, resulting in arbitrary code execution.
A vulnerability exists in the Joomla component com_lyftenbloggie, which could allow an attacker to inject arbitrary SQL commands. This is due to the lack of proper sanitization of user-supplied input to the 'author' parameter in the 'index.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL commands to the vulnerable script. Successful exploitation could result in unauthorized access to sensitive information stored in the database, or even full control of the application.
Flashden is vulnerable to shell upload. To exploit the vulnerability, an attacker opens the select_file2.php page, selects a shell.php file, uploads it, and then requests the upload/shell.php page.
An HTTP GET request against the URL http://CACTIHOST/graph.php?action=zoom&local_graph_id=1&graph_end=1%27%20style=visibility:hidden%3E%3Cscript%3Ealert(1)%3C/script%3E%3Cx%20y=%27 and an HTTP POST request against http://CACTIHOST/graph_view.php?action=tree&tree_id=1&leaf_id=7&select_first=true with an 'application/x-www-form-urlencoded' body containing date1=%27%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E%3Cx+y%3D%27' can be used to exploit the cross-site scripting vulnerability in Cacti 0.8.7e and earlier versions.
A vulnerability exists in phpBazar-2.1.1fix that allows an attacker to gain access to the admin control panel. The attacker can use a search-engine dork to find vulnerable sites and then reach the admin control panel directly by entering the URL http://server/path/admin/admin.php or http://server/admin/admin.php.
A remote SQL injection vulnerability was identified in the Google Calendar Joomla component. SQL injection attacks are another instance of injection attacks, in which SQL commands are injected into data-plane input in order to effect the execution of predefined SQL commands. An example exploit is provided in the text.
RADIO istek scripti (tr) Version 2.5 (tr) contains a remote configuration disclosure vulnerability. An attacker can exploit it by using a dork such as '2007 RADIOZAZA www.radiozaza.de? istek hatti Version 2.5' or 'estafresgaftesantusyan.inc' to find vulnerable sites and then accessing the estafresgaftesantusyan.inc file to view the configuration information.
The vulnerability allows an attacker to upload a malicious file to the web server. It exists because the type of the uploaded file is insufficiently validated, so an attacker can exploit it simply by uploading a malicious file.
Python's 'imageop' module is prone to a buffer-overflow vulnerability. Successful exploits may allow attackers to execute arbitrary code in the context of applications using the vulnerable Python module. This may result in a compromise of the underlying system. Failed attempts may lead to a denial-of-service condition.