The Spooky Login application fails to properly sanitize user-supplied input, leading to multiple input-validation vulnerabilities. These vulnerabilities can be exploited by an attacker to compromise the application, access or modify data, steal cookie-based authentication credentials, or exploit vulnerabilities in the underlying database implementation. Other attacks are also possible.
The vulnerability is caused due to the improper verification of uploaded files in '/ip_cms/modules/developer/config_exp_imp/manager.php' script thru the 'manage()' function when importing a configuration file. This can be exploited to execute arbitrary PHP code by uploading a malicious PHP script file that will be stored in '/file/tmp' directory after successful injection. Permission Developer[Modules exp/imp] is required (parameter 'i_n_2[361]' = on) for successful exploitation.
This exploit takes advantage of a buffer overflow vulnerability in Watermark Master software. By sending a specially crafted input, an attacker can trigger a stack-based buffer overflow, potentially allowing them to execute arbitrary code on the target system.
This module allows an authenticated administrator to export language settings into a PHP script which is intended to be reuploaded later to restore language settings. This feature can be abused to run arbitrary PHP code remotely on the ISPConfig server. The vulnerability was discovered by Brandon Perry.
Creates an .m3u file to exploit a very basic seh bof: junk --> next seh (jmp to shellcode) --> seh (pop3 pop ret) --> shellcode
XSP is prone to a source code information-disclosure vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable system in the context of the webserver process. Information obtained may aid in further attacks.
The Knusperleicht Shoutbox is prone to an HTML-injection vulnerability due to insufficient input data sanitization. Exploiting this issue can allow an attacker to execute HTML and script code in the context of the affected site, steal cookie-based authentication credentials, or control how the site is rendered to the user.
Stem Innovation's IP camera called βIZONβ utilizes numerous hard-coded credentials within its Linux distribution and also the hidden web application running on the camera. These sets of credentials are never exposed to the end-user and cannot be changed through any normal operation of the camera. Further, using the web interface credentials will provide access to a camera stream and configuration details, including third-party API keys.
Multiple remote SQL injection vulnerabilities are detected in the official Onpub v1.4 and 1.5 Content Management System. The vulnerabilities allow remote attackers to execute arbitrary SQL commands via the vulnerable parameters.
This exploit demonstrates a buffer overflow vulnerability in VideoCharge Studio. By sending a specially crafted request, an attacker can cause a buffer overflow, potentially allowing them to execute arbitrary code on the target system.
Services By CQR