The vulnerability is in the file search.php, the variable search_app is vulnerable. An attacker can exploit this to find out the rootpath of website or for Blind SQLi attack.
Foxit Reader 4.1.1 is subject to a stack overflow vulnerability when parsing overly long unicode titles resulting in a SEH overwrite. The included PoC results in a SEH overwrite. The exception must be passed twice in order to reach the overwritten handler.
An attacker can exploit a SQL injection vulnerability in the Event Registration plugin for WordPress. By sending a specially crafted request to the vulnerable server, an attacker can execute arbitrary SQL commands in the back-end database. This can be used to bypass authentication and gain access to sensitive data such as passwords, usernames, and other sensitive information stored in the database.
DBSite is vulnerable to a remote SQL injection vulnerability. An attacker can exploit this vulnerability by sending a specially crafted SQL query to the vulnerable application. This can allow the attacker to gain access to sensitive information such as usernames and passwords stored in the database.
The AWCM v2.1 final is vulnerable to Remote File Inclusion. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server. This can allow the attacker to execute arbitrary code on the server.
Build a Niche Store v3.0 (BANS) is vulnerable to an authentication bypass vulnerability. An attacker can exploit this vulnerability by applying the following details for login: Username: ' or 1=1 or ''=' and Password: ' or 1=1 or ''=' which will redirect the attacker to the admin page. The attacker can also upload a shell by going to the Template Page (http://server/admin/index.php?action=getTemplate) and uploading the shell via the upload logo option. The shell can then be accessed via http://server/themes/layout-3-right/images/
The CMNC-200 IP Camera has a built-in web server that is vulnerable to denial of service attacks. Sending multiple requests in parallel to the web server may cause the camera to reboot. Requests with long cookie header makes the IP camera reboot a few seconds faster, however the same can be accomplished with requests of any size. The example code below is able to reboot the IP cameras in less than a minute in a local network.
The CMNC-200 IP Camera has undocumented default accounts on its Linux operating system. These accounts can be used to login via the cameras telnet interface, which cannot be normally disabled. The usernames and passwords are listed below.
The CMNC-200 IP Camera has an administrative web interface that does not handle authentication properly. Using a properly formatted request, an attacker can bypass the authentication mechanism. The first example requires authentication: http://www.ipcamera.com/system.html. When a second forward slash is placed after the hostname, authentication is not required. http://www.ipcamera.com//system.html. This vulnerability allows an attacker to take full control of the IP Camera.
The CMNC-200 IP Camera has a built-in web server that is vulnerable to directory transversal attacks, allowing access to any file on the camera file system.
Services By CQR