I've found a SQL injection vulnerability in this web software. The vulnerable code is in /gb/include/page.php. The problem is the GET-pagename. An attacker can use this exploit code for unfiltered SQL queries.
A SQL injection flaw was discovered within the latest WordPress appointment-booking-calendar plugin version 1.1.20. The flaw allows an authenticated user with editor, author, or administrator privileges to exploit this vulnerability by adding crafted shortcodes on a page or post, leading to potential compromise of the entire web server.
NewzCrawler 1.8 becomes unstable and crashes when parsing the 'url' attribute of the 'enclosure' sub-element containing some invalid strings while showing a new item of an RSS 2.0 file.
BitsCast crashes when receiving an RSS 2.0 feed item with an invalid string in sub-element 'pubDate'.
This module allows remote command execution on an IRC bot developed by xdh. This Perl bot was caught by Conor Patrick with his shellshock honeypot server and is categorized by Markus Zanke as an fBot (Fire & Forget - DDoS Bot). Matt Thayer also found this script, which has a description of LinuxNet perlbot. The bot answers only based on the servername and nickname in the IRC message, as configured in the Perl script; thus, in order to exploit this bot, you need to be an operator on the IRC network to spoof it, or at least have the same IP as in the config.
Trivial fuzzing of molebox archives revealed a heap overflow decrypting the packed image in moleboxMaybeUnpack. This vulnerability is obviously exploitable for remote arbitrary code execution as NT AUTHORITY\SYSTEM.
This exploit takes advantage of a stack overflow vulnerability in the BarCodeWiz ActiveX Control 2.52 (BarcodeWiz.dll). By exploiting this vulnerability, an attacker can overwrite the Structured Exception Handling (SEH) chain, potentially allowing for arbitrary code execution. This exploit includes shellcode that opens the Windows Calculator application on Windows 2000.
This exploit allows an attacker to include arbitrary files from a remote server in the affected system's web application.
The vulnerability exists in the 'mfa_theme.php' file of the NoAh PHP Content Architect. An attacker can exploit this vulnerability by including a remote file through the 'tpls[1]' parameter in the URL. This can lead to remote code execution on the affected system.