This exploit allows an attacker to gain access to the admin hash of the phpAbook 0.9i application. The exploit works by sending a malicious request to the index.php page of the application, which contains an SQL injection payload. The payload is designed to extract the admin hash from the ab_auth_user table, by looping through each character of the hash and comparing it to a known character set. If the character matches, the payload will cause the application to sleep for 3 seconds, allowing the attacker to identify the character of the hash.
This exploit allows an unauthenticated attacker to execute arbitrary commands on the Netgear WNAP320 Access Point Firmware v2.0.3 by sending a maliciously crafted POST request to the /boardDataWW.php macAddress parameter.
The number range searcher component in Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before version 8.13.6, and from version 8.14.0 before version 8.16.1 allows remote attackers inject arbitrary HTML or JavaScript via across site scripting (XSS) vulnerability.
When a poll is created that allows other answers and then the setting is enabled for displaying the other responses after submission, the other answer is not sanitized when displayed back to the user, showing an XSS vulnerability. It is, however, correctly sanitized when displaying the other choices on the initial vote page.
This module exploits the file upload vulnerability of Lightweight self-hosted facebook-styled PHP blog and allows remote code execution.
A SQL injection vulnerability exists in Simple Client Management System 1.0, which allows an unauthenticated attacker to execute arbitrary SQL commands via the 'uemail' parameter in a POST request. An attacker can use the payload 'admin' or 1=1# to exploit this vulnerability.
SeedDMS is vulnerable to a Remote Command Execution (RCE) vulnerability. An authenticated user can upload a malicious file and execute arbitrary commands on the server. This vulnerability affects Seeddms 5.1.10 and prior versions. The exploit requires the attacker to have valid credentials to the application.
A command injection vulnerability exists in TP-Link TL-WR841N 0.9.1 4.0. An attacker can send a malicious payload to the router via a POST request to the /cgi?2 endpoint, which will be executed on the router. This can be exploited to execute arbitrary commands on the router.
A vulnerability in Adobe ColdFusion 8 allows an attacker to execute arbitrary commands on the target system. This is due to the application not properly validating user-supplied input. An attacker can exploit this vulnerability by sending a specially crafted request to the vulnerable application. Successful exploitation of this vulnerability can result in arbitrary code execution on the target system.
This exploit allows an unauthenticated attacker to execute arbitrary code on the vulnerable system. The vulnerability exists in the vSphere Client (HTML5) which is a web-based application that allows administrators to manage vCenter Server and ESXi hosts. The vulnerability is due to improper validation of user-supplied input in the vSphere Client (HTML5). An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vSphere Client (HTML5) to execute arbitrary code on the vulnerable system.
Services By CQR