In Moodle 3.2 to 3.2.1, 3.1 to 3.1.4, 3.0 to 3.0.8, 2.7.0 to 2.7.18 and other unsupported versions, any registered user can update any table of the Moodle database via an object injection through a legacy user preferences setting (described by Netanel Rubin at http://netanelrub.in/2017/03/20/moodle-remote-code-execution/).
The handling of HTTP multipart boundary headers does not properly close connections when malformed requests are sent to the Mongoose server. This leads to a use-after-free/null-pointer dereference vulnerability, causing the Mongoose HTTP server to crash. As a result, the entire system is rendered unusable.
Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they are currently authenticated. HelpDEZk 1.1.1 is vulnerable to multiple CSRF remote code execution vulnerabilities. These allow an attacker to execute arbitrary code on the vulnerable system.
A buffer overflow vulnerability exists in Win2K12-R2 due to improper validation of user-supplied input. An attacker can exploit this vulnerability by sending a specially crafted packet to the vulnerable system. This can allow the attacker to execute arbitrary code on the vulnerable system.
A SQL injection vulnerability exists in Doctors Appointment Script. An attacker can inject malicious SQL queries via the 'lat', 'lon', and 'category' parameters of the 'search' script. This can be used to extract sensitive information from the database, such as user credentials. Additionally, a file upload vulnerability exists in the 'doctor_image' directory, allowing an attacker to upload malicious files.
Sweepstakes Pro Software is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this vulnerability to manipulate SQL queries by injecting arbitrary SQL code. This may allow the attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.
The vulnerability exists in the allauctions.php, news.php and productdetails.php files, where an attacker can inject malicious SQL queries. The vulnerable parameters are aid, nid, aff_id, user_id, referer_id, amount, commission, bid_pack_title.
A SQL injection vulnerability exists in Airbnb Crashpadder Clone Script, which allows an attacker to execute arbitrary SQL commands on the underlying database. The vulnerability is due to insufficient input validation in the application when handling user-supplied input. An attacker can exploit this vulnerability by sending malicious SQL commands to the application via the vulnerable parameter. Successful exploitation of this vulnerability can result in unauthorized access to sensitive information, such as usernames and passwords, or even full system compromise.
The ImagePro Lazygirls Clone Script is vulnerable to SQL Injection. An attacker can exploit this vulnerability by sending malicious SQL queries to the application. This can allow the attacker to gain access to sensitive information stored in the database, such as usernames, passwords, and other confidential data.
There is a negative-size memmove security vulnerability in WebKit. The vulnerability was confirmed on a nightly build of WebKit. The PoC has also been observed to crash Safari 10.0.2 on Mac. Under certain conditions HTMLFormElement::formElementIndex() returns an index that is larger than the size of m_associatedElements. This results in a negative-size memmove in WebCore::HTMLFormElement::registerFormElement.