This module exploits an arbitrary root command execution vulnerability in the OP5 Monitor license.php. Ekelow has confirmed that OP5 Monitor versions 5.3.5, 5.4.0, 5.4.2, 5.5.0, and 5.5.1 are vulnerable.
Ceragon ships a public/private key pair on FibeAir IP-10 devices that allows passwordless authentication to any other IP-10 device. Since the key is easily retrievable, an attacker can use it to gain unauthorized remote access as the 'mateidu' user.
Flippa Clone is vulnerable to SQL injection. Attackers can exploit this vulnerability by appending malicious SQL queries to the URL, for example http://localhost/[PATH]/domain-details/[SQL]/Ihsan_Sencan, http://localhost/[PATH]/site-details/[SQL]/Ihsan_Sencan, http://localhost/[PATH]/ask-a-question/[SQL], etc.
The Joomla Modern Booking extension is vulnerable to SQL injection through the 'coupon' parameter when it is passed to the 'saveorder' task. An attacker can exploit this vulnerability to execute arbitrary SQL commands on the underlying database.
This module will set up an SMTP server expecting a connection from SysGauge 1.5.18 via its SMTP server validation. The module sends a malicious response in the 220 service ready response and exploits the client, resulting in an unprivileged shell.
Textbook buffer overflow: a fixed-size buffer is allocated as szPath[256], and the first command line argument is stored in it without validation. With 'A' * 1000 as argv[1], it leads to a segmentation fault.
APNGDis is vulnerable to a buffer overflow when processing malformed PNG images. The vulnerability is triggered when the width and height of the image are set to large values in the first bytes of the image. This can lead to a crash or potential code execution.
APNGDis is vulnerable to a buffer overflow when processing an IHDR chunk size descriptor of 0xFFFFFFF4. This can be exploited to cause a denial of service or potentially execute arbitrary code.
SpyCamLizard SC liz v1.230 is vulnerable to a remote buffer overflow attack. By sending a specially crafted HTTP request containing an overly long string, an attacker can overflow a buffer and execute arbitrary code on the target system. This exploit was tested on Windows 7 x64 HUN/ENG Enterprise.
An SQL injection vulnerability exists in GLink Word Link Script v1.2.3. An attacker can exploit this vulnerability by sending malicious SQL queries to the vulnerable application. This can allow the attacker to gain access to sensitive information stored in the database, such as user credentials.