Explore Vulnerabilities

Explore all Exploits:

Function.caller in strict mode

If a builtin script in WebKit is in strict mode but then calls a function that is not strict, that function is allowed to call Function.caller and can obtain a reference to the strict function. This is inconsistent with the behaviour when executing non-builtin scripts in Safari, and with the behaviour in other browsers, where having a single strict function on the call stack forbids calls to Function.caller up to and including the first call to a strict function. This difference allows several sensitive native functions, such as arrayProtoPrivateFuncAppendMemcpy, to be called directly, without the JavaScript wrappers that provide type and length checks.

Type Confusion Vulnerability in DateTimeFormat.format

When calling DateTimeFormat.format, the function is provided as a bound function by a getter in the DateTimeFormat class. Binding the function ensures that the this object is of the right type. However, when the bound function is called, it calls into user script when converting the date parameter, and that script can call Function.caller, obtaining the unbound function. This type-unsafe function can then be called on any type.

Samba Server Vulnerability

The Samba server is supposed to only grant access to configured share directories unless 'wide links' are enabled, in which case the server is allowed to follow symlinks. The default (since CVE-2010-0926) is that wide links are disabled. However, smbd ensures that it isn't following symlinks by calling lstat() on every path component. This is racy, as any of the path components - either one of the directories or the file at the end - could be replaced with a symlink by an attacker over a second connection to the same share. For example, replacing a/b/c/d/e/f/g/h/i/j with a symlink to /etc/shadow would allow an attacker to read the shadow file.

Professional Bus Booking Script – SQL Injection

A SQL injection vulnerability exists in Professional Bus Booking Script, which allows an attacker to execute arbitrary SQL commands on the underlying database. This can be exploited to manipulate data, disclose sensitive information, or gain access to the system.

Microsoft Visual Studio 2015 update 3 – Stack overflow

A stack overflow vulnerability exists in Microsoft Visual Studio 2015 update 3, which could allow an attacker to execute arbitrary code. The vulnerability is due to improper validation of user-supplied input when handling certain requests. An attacker could exploit this vulnerability by sending a specially crafted request to the affected application. Successful exploitation could result in arbitrary code execution in the context of the application.

Hotel & Tour Package Script v1.0 – SQL Injection

SQL Injection vulnerability exists in Hotel & Tour Package Script v1.0 which allows an attacker to inject malicious SQL queries via the 'show', 'offer_id', 'news_id', 'page.php?id' and 'room_id' parameters. An attacker can exploit this vulnerability to gain access to sensitive information such as admin credentials, booking details, etc.

Delux Same Day Delivery Script v1.0 – SQL Injection

Delux Same Day Delivery Script v1.0 is vulnerable to SQL Injection. An attacker can inject malicious SQL queries via the 'show_page' parameter in the URL. This can be exploited to gain access to the database and potentially gain access to sensitive information.

Recent Exploits: