A SQL injection vulnerability exists in Joomla! Component Simple Membership v3.3.3. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. This can allow the attacker to extract sensitive information from the database.
NETGEAR routers R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 before 1.0.7.6.Beta, R7100LG before 1.0.0.28.Beta, R7300DST before 1.0.0.46.Beta, R7900 before 1.0.1.8.Beta, R8000 before 1.0.3.26.Beta, D6220, D6400, D7000, and possibly others allow remote attackers to execute arbitrary commands via shell metacharacters in the path info to cgi-bin/.
There is a security issue in the shared folder implementation that permits cooperating guests with write access to the same shared folder to gain access to the whole filesystem of the host, at least on Linux hosts. The issue is that, when the host checks whether a given path escapes the root directory of the shared folder in vbsfPathCheckRootEscape(), the function assumes that the directory hierarchy is static: E.g. the path "base/a/b/c/../../.." is assumed to be equivalent to "base/a/b/../..", "base/a/.." and "base". However, at least on Linux, renames can occur at the same time as path traversal. This means that, if VM A attempts to open "base/a/b/c/../../../foo" while VM B is moving "base/a/b/c" to "base/c_", VM A might actually end up opening "base/../../foo" instead of "base/foo".
A buffer overflow vulnerability exists in Cerberus FTP server version 8.0.10.1, which could allow an unauthenticated attacker to cause a denial of service condition. The vulnerability is due to improper validation of user-supplied input when handling a specially crafted HTTP request. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable server. Successful exploitation of this vulnerability could result in a denial of service condition.
Car Workshop System is vulnerable to SQL Injection. An attacker can exploit this vulnerability to gain access to sensitive information such as database name, version, etc. The vulnerable parameter is job_id in the URL http://localhost/[PATH]/services/print_service_invoice?job_id=[SQL]. An example of a malicious payload is 6'+/*!50000union*/+select+1,2,3,/*!50000concat*/(database(),0x7e,version()),5,6,7,8,9,10,11,12--+-.
Fiyo CMS have five user group (super administrator, administrator, editor, publisher, member) and only three group can access backend page of admin (super administrator, administrator and editor). If we login as super administrator and access edit profile menu, check source code (ctrl+u) from your browser and we get level privilege: super administrator = 1, administrator = 2, editor = 3, publisher = 4, member = 5. If we change the level parameter to 1, we can gain super administrator privileges.
An attacker can exploit a SQL injection vulnerability in Mirage – Fancy Clone to gain unauthorized access to the application. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'c' parameter of the 'shopby' module. An attacker can send malicious SQL queries to the application, allowing them to bypass authentication and gain access to unauthorized data.
Remote attackers can use UDP socket connection to TFTP server port 69 and send Read request, to retrieve otherwise protected files using directory traversal attacks e.g. ../../../../Windows/system.ini. Start MobaXterm TFTP server which listens on default TFTP port 69.
An attacker can exploit a SQL injection vulnerability in PHP Forum Script v3.0 by sending a maliciously crafted HTTP request to the vulnerable application. This can allow the attacker to execute arbitrary SQL commands on the backend database, potentially resulting in the manipulation or disclosure of application data.
An attacker can exploit a SQL injection vulnerability in Yellow Pages Script v3.2 by sending crafted HTTP requests to the vulnerable preview.php script with a maliciously crafted category_id parameter.
Services By CQR