This module exploits a command injection vulnerability in the SAPHostControl Service, by sending a specially crafted SOAP request to the management console. In order to deal with the spaces and length limitations, a WebDAV service is created to run an arbitrary payload when accessed as a UNC path. Because of this, the target host must have the WebClient service (WebDAV Mini-Redirector) enabled. It is enabled and automatically started by default on Windows XP SP3, but disabled by default on Windows 2003 SP2.
This exploit allows an attacker to add an admin user to the Booking System Pro application. The attacker can craft a malicious HTML page that contains a form with hidden fields that contain the admin user credentials. When the victim visits the malicious page, the form is automatically submitted and the admin user is added to the application.
The Wordpress HD Webplayer plugin version 1.1 is vulnerable to SQL Injection. An attacker can exploit this vulnerability to gain access to the database and extract sensitive information such as usernames and passwords. The vulnerability exists in the config.php and playlist.php files, where an attacker can inject malicious SQL code into the 'id' and 'videoid' parameters respectively.
SQL Injection vulnerability exists in Blog Comments Powered By Disqus. An attacker can exploit this vulnerability by sending malicious SQL queries to the vulnerable application. This can be done by appending malicious SQL queries to the vulnerable parameter in the URL. This can allow an attacker to gain access to the database and can also allow an attacker to execute arbitrary code on the server.
An attacker can harvest administrator credentials and log into the web management UI. Possibilities include but are not limited to reading and writing files stored on the device and altering the device’s configuration. This means an attacker could steal sensitive data stored on the device, leverage the device to drop and/or host malware, abuse the device to send spam through the victim’s Internet connection, and use the device as a pivot point to access locally connected systems or launch attacks directed to other systems.
This exploit allows an attacker to add an admin user to the RV Shopping cart application. The attacker can craft a malicious HTML page with a form that contains the necessary parameters to add an admin user. When the victim visits the malicious page, the form is automatically submitted and the admin user is added to the application.
This exploit allows an attacker to add an admin user to the RV Article publisher application. The attacker can craft a malicious HTML page that contains a form with hidden fields that contain the username, email, password, group, active, superadmin, postnote, and save_user values. When the victim visits the malicious page, the form is automatically submitted and the admin user is added to the application.
The application is prone to a SQL injection vulnerability. The vulnerable code is present in no.pl, line 256, where user input is used in an SQL query without proper validation. This can allow an attacker to inject arbitrary SQL code into the query.
The application is prone to a SQL injection vulnerability. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'signup.cgi' script. A remote attacker can exploit this vulnerability to inject arbitrary SQL commands and gain access to the application.
The vulnerability is caused due to a boundary error in the processing of a project file, which can be exploited to cause a unicode buffer overflow when a user opens e.g. a specially crafted .EBP file. Successful exploitation could allow execution of arbitrary code on the affected machine.
Services By CQR