Explore all Exploits:

SQL Injection in phplist 3.2.6

It is possible for an unauthenticated user to perform an SQL injection when updating the subscription information of an already subscribed user. The protection against SQL injection relies on a combination of a custom magic quotes function, which applies addslashes to all input values, and a function which applies htmlspecialchars to all inputs. Additionally, some input values are cast to integers to prevent injections. addslashes protects against injections into arguments which are placed into single quotes, while htmlspecialchars protects against injections into double quotes. It should be noted that neither addslashes nor htmlspecialchars is recommended to prevent SQL injection. The update functionality is vulnerable to SQL injection because it uses the keys of POST data, while only the values of POST data are escaped via addslashes, not the keys.

Google Nest Cam – Multiple Buffer Overflow Conditions Over Bluetooth LE

It's possible to trigger a buffer overflow condition when setting the SSID parameter or encrypted password parameter on the camera. The attacker must be in Bluetooth range at any time during the camera's powered-on state. Bluetooth is never disabled, even after initial setup. The payload attempts to set an SSID or encrypted password with a length of 1 byte and sends 16.

Joomla! Component JooCart (Joomla OpenCart Integration) v2.x – SQL Injection

A SQL injection vulnerability exists in Joomla! Component JooCart (Joomla OpenCart Integration) v2.x. An attacker can exploit this vulnerability by sending malicious SQL queries to the vulnerable application. This can allow the attacker to gain access to sensitive information stored in the database, such as user credentials, or to modify or delete data.

ExtraPuTTY TFTP Denial of Service

The ExtraPuTTY TFTP server component is vulnerable to a remote denial-of-service attack via large junk UDP Read/Write TFTP protocol request packets. A malicious user can send such packets to the ExtraPuTTY TFTP server component, which will cause the application to crash.

HttpServer 1.0 DolinaySoft Directory Traversal

This vulnerability allows an attacker to view arbitrary files within the context of the web server by using a directory traversal attack. This is done by using the '..%5c..%5c' sequence in the URL, which allows the attacker to traverse up the directory tree and access files outside of the web root.

FTPShell Server 6.56 ChangePassword DEP off BufferOverflow 0Day

FTPShell Server 6.56 is vulnerable to a buffer overflow when a maliciously crafted string is sent to the ChangePassword function. This can be exploited to execute arbitrary code by overwriting the saved return address with a pointer to the shellcode.

Secure Download Links – SQL Injection

An SQL injection vulnerability exists in the Secure Download Links software, which allows an attacker to execute arbitrary SQL commands on the underlying database. The vulnerability is due to insufficient sanitization of user-supplied input in the 'dc' parameter of the 'download.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL commands to the vulnerable script.

Omegle Clone – SQL Injection

The Omegle Clone script is vulnerable to SQL injection. Attackers can exploit this vulnerability by sending malicious SQL queries to the vulnerable parameters in the randomChat.php, listenToReceive.php, typing.php, isTyping.php, and saveLog.php scripts. This can allow attackers to access sensitive information such as the AdminID, AdminPass, Email, PayPal, and IpnMode settings.
