A specially crafted script can cause the VBScript engine to access data before initializing it. An attacker who is able to run such a script in any application that embeds the VBScript engine may be able to control execution flow and execute arbitrary code.
A vulnerability in Acoem 01dB CUBE Smart Noise Monitoring Terminal allows an attacker to remotely change the password of the device. This vulnerability exists due to the lack of authentication when sending a GET request to the F_validPassword.asp page with the new password as a parameter. This allows an attacker to gain access to the device without knowing the current password.
A remote SQL injection vulnerability has been discovered in the official Schoolhos v2_29 content management system. The vulnerability allows remote attackers to execute their own malicious SQL commands to compromise the application or DBMS. The SQL injection vulnerability is located in the `kelas` parameter of the `index?p=siswakelas` module POST method request.
An attacker can access all MySQL backups and download them from the directory http://localhost/inc/mysql_backup, and can access the website files backup at http://localhost/SweetRice-transfer.zip
SweetRice 1.5.1 is vulnerable to unrestricted file upload. An attacker can upload malicious files to the web server and execute arbitrary code. This vulnerability can be exploited by sending a malicious file to the server via a POST request.
DreamFTPServer 1.0.2 is vulnerable to a format string vulnerability in the RETR command. An attacker can send a maliciously crafted string to the server, which can lead to remote code execution. The exploit code sends a string containing format specifiers and shellcode to the server, and the shellcode is then executed.
PCMan FTP Server 2.0 is vulnerable to a buffer overflow attack when a long string is sent to the PORT command. This can be exploited by an attacker to execute arbitrary code on the vulnerable system.
PCMan FTP Server 2.0 is vulnerable to a buffer overflow attack when a specially crafted SITE CHMOD command is sent. The vulnerability is caused by a lack of proper bounds checking of user-supplied data, which can result in a buffer overflow. An attacker can exploit this vulnerability to execute arbitrary code in the context of the application.
PCMan FTP Server 2.0 is vulnerable to a buffer overflow in the NLST command. By sending an overly long string, an attacker may be able to execute arbitrary code.
A buffer overflow vulnerability exists in FreeFloat FTP Server due to improper bounds checking of user-supplied input when handling the SITE ZONE command. An attacker can exploit this vulnerability to execute arbitrary code in the context of the application.