This exploit allows an attacker to include remote or local files in the vulnerable application. In the case of Local File Inclusion, an attacker can include files from the target system, potentially leading to information disclosure or remote code execution. In the case of Remote File Inclusion, an attacker can include arbitrary files from external servers, potentially leading to remote code execution.
This is a proof-of-concept exploit for a stack overflow vulnerability in AVS Audio Converter version 9.1.2.600. By providing a specially crafted payload in a file, an attacker can trigger a stack overflow and potentially execute arbitrary code.
The exploit allows an attacker to escalate privileges in Jupiter 1.1.5ex. By creating an account on the target website and using the exploit, the attacker can gain full access to the account.
The application suffers from an authentication bypass vulnerability when spoofing client IP address using the X-Forwarded-For header with the local (loopback) IP address value allowing remote control of the smart home solution.
The MobileGo 8.5.0 software has insecure file permissions, allowing any user to have full control (read, write, execute) over the executable files.
The vulnerability allows an attacker to perform SQL injection and local file inclusion attacks. In the SQL injection attack, an attacker can retrieve usernames and passwords from the database if magic_quotes_gpc is off. In the local file inclusion attack, an attacker can include arbitrary files from the system.
The SolarWinds Kiwi Syslog Server 8.3.52 software has an unquoted service path vulnerability. This allows an attacker to place an executable named 'Archivos.exe' in the root directory and have it executed as the Local System user when the service is restarted.
The phpMyRealty 1.0.x script is vulnerable to SQL Injection. An attacker can exploit this vulnerability by injecting malicious SQL queries into the 'type' parameter in the search.php file and the 'listing_updated_days' parameter in the findlistings.php file. This allows the attacker to retrieve sensitive information such as login credentials from the pmr_admins and pmr_users tables.
The exploit can be accessed through http://[ip]/goform/QuickStart_c0. It allows for source code and password disclosure on 'Input typepassword'.
This exploit allows a low privileged group to gain excessive permissions to a folder used by an elevated process in Kaseya VSA agent <= 9.5. By appending malicious code to a script file dropped in the default working directory, an attacker can execute arbitrary commands as SYSTEM.
Services By CQR