Cart66Ajax::shortcodeProductsTable() is accessible for every registered user. $postId is not escaped correctly (only html tags are stripped). Login as regular user (created using wp-login.php?action=register) and use a form to inject a SQL query that will check if first password character user ID=1 is $. If yes, it will sleep 5 seconds.
VFU v4.10-1.1 is prone to a stack-based buffer overflow vulnerability because the application fails to perform adequate boundary-checks on user-supplied input. An attacker can exploit this issue to execute arbitrary code in the context of the application. Failed exploit attempts will result in a denial-of-service condition.
Google Document Embedder v2.5.14 have SQL Injection. This Plugin v2.5.16 uses mysql_real_escape_string function has been patched to SQL Injection, but mysql_real_escape_string() function is bypass possible. The vulnerability file is /google-document-embedder/~view.php.
The TYPO3 extension ke_dompdf contains a version of the dompdf library including all files originally supplied with it. This includes an examples page, which contains different examples for HTML-entities rendered as a PDF. This page also allows users to enter their own HTML code into a text box to be rendered by the webserver using dompdf. dompdf also supports rendering of PHP files and the examples page also accepts PHP code tags, which are then executed and rendered into a PDF on the server. Since those files are not protected in the TYPO3 extension directory, anyone can access this URL and execute arbitrary PHP code on the system.
EntryPass N5200 Active Network Control Panels offer an HTTP service on TCP port 80. It appears that only the first character of a requested URL's path is relevant to the web server. By enumerating all one-character long URLs on a device, it was determined that URLs starting with a numeric character are used by the web interface, as listed in the following table: http://example.com/0 Index, http://example.com/1 Stylesheet, http://example.com/2 Authentication with Username/Password, http://example.com/3 Session Management, http://example.com/4 Device Status, http://example.com/5 Progressbar Image, http://example.com/6 Logout. The URL http://example.com/2 returns a JavaScript file containing the current administrative username and password in plaintext.
A heap overflow in IOHIKeyboardMapper::parseKeyMapping allows kernel memory corruption in Mac OS X before 10.10. By abusing a bug in the IORegistry, kernel pointers can also be leaked, allowing a full kASLR bypass.
Anyone can change plugin settings. An attacker can inject malicious JavaScript code into the 'fb_login_button' parameter of the 'nextend-facebook-settings.php' file, which is then executed in the browser of the victim when they view the page.
SQL Buddy suffers from a remote code execution. This happens due to the fact that it allows the user to login using any server he wants and that it allows the user to export data from the database to a file on the webserver. In order to exploit this bug, the user must use a sql server they control and have valid credentials for, create a database and a table with one column of type text, insert the php code they want to execute into that table, choose the previously created table from the left menu, click Export from the top menu, choose CSV format, choose 'Text File' and name the file with php extension for example shell.php. The exported file will be at : sqlbuddy/exports/ assuming the user installed sqlbuddy in a folder named sqlbuddy.
This exploit is a python script that takes advantage of a vulnerability in tnftp, a BSD FTP client. It redirects the vulnerable FTP client requests for http to the attacker's machine, and then delivers a malicious payload to the victim.
A stack buffer overflow vulnerability exists in the UltraHVCam ActiveX Control 'UltraHVCamX.ocx' when parsing large amount of bytes to several functions in UltraHVCamLib, resulting in memory corruption overwriting several registers including the SEH. An attacker can gain access to the system of the affected node and execute arbitrary code.
Services By CQR