This vulnerability is caused by a NULL pointer dereference in the Linux kernel's cfg80211 module. It is triggered when a victim scans and receives a beacon frame that does not contain a SSID IE and then receives another one that does have a SSID IE. This should only affect the 2.6.30 series.
MyWeight 1.0 is vulnerable to a shell upload vulnerability. An attacker can register in the site, go to their profile, and upload a shell.php file. This allows the attacker to gain remote code execution on the server.
A remote SQL injection vulnerability exists in DS CMS 1.0. An attacker can send a specially crafted HTTP request to the vulnerable application in order to execute arbitrary SQL commands in the back-end database. This can be exploited to manipulate data, disclose sensitive information, and potentially compromise the system.
A vulnerability exists in PHP Competition System BETA <= V0.84, which allows an attacker to inject arbitrary SQL commands via the 'competition', 'season', and 'day' parameters in the show_matchs.php script. This can be exploited to read arbitrary data from the database, including passwords and emails.
A vulnerability in Ignition allows an attacker to inject a PHP code in the comment section and execute it when the page is refreshed.
A quick and dirty exploit for this vulnerability can be found at http://www.frasunek.com/proto_ops.tgz and a mirror of the exploit can be found at https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/9436.tgz (2009-proto_ops.tgz)
This exploit is related to a vulnerability in Red Hat SELinux which allows an attacker to bypass the security policy and gain root access. The exploit was discovered by Julien Tinnes and Tavis Ormandy and was patched by Linus Torvalds in 2009. The exploit is based on a 8 year old vulnerability.
Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications which allow code injection by malicious web users into the web pages viewed by other users. Affected items: http://127.0.0.1/cms/login.php?previous_page=[XSS] Exemple: <script>alert(document.cookie)</script> The Risk: By exploiting this vulnerability, an attacker can inject malicious code in the script and can stole cookies.
Gazelle CMS 1.0 is vulnerable to a remote arbitrary file upload vulnerability. An attacker can exploit this vulnerability by sending a malicious file to the vulnerable server and then accessing it via a web browser. This can be done by changing the 'Type' parameter in the URL from 'Image' to 'File' and then uploading the malicious file. The malicious file can then be accessed via the URL http://localhost/Ananta_Gazelle1.0/user/File/shell.php
A vulnerability in the WP-Syntax plugin for WordPress allows an attacker to execute arbitrary commands on the server hosting the vulnerable website. This is due to the plugin not properly sanitizing user-supplied input when processing the "geshi" parameter in the "wp-syntax.php" script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious code in the "geshi" parameter.