Yamamah source code disclosure Vulnerability can be exploited by sending a malicious HTTP request to the vulnerable server. Blind SQL Injection can be exploited by sending a malicious HTTP request to the vulnerable server with a crafted payload.
BrightSuite is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue allows attackers to compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, and possibly compromise the underlying system; other attacks are also possible.
VU Web Visitor Analyst is an application that retrieves website visitors’ IP address, visited date and time, visited page name, their country, and their ISP. An authentication bypass vulnerability exists in the application, which allows an attacker to bypass authentication and gain access to the application.
VU Case Manager is vulnerable to authentication bypass. An attacker can access the application without authentication by directly accessing the application URL.
A denial of service vulnerability exists in Vocoo CP3 Studio 2.0, due to a buffer overflow when processing a specially crafted .cp3 file. An attacker can exploit this vulnerability to cause a denial of service condition. This vulnerability is due to a lack of proper boundary checks when processing the .cp3 file. An attacker can exploit this vulnerability by crafting a .cp3 file with an overly long string and sending it to the vulnerable application. This will cause the application to crash, resulting in a denial of service condition.
This exploit is a proof of concept for a local denial of service vulnerability in Media Player Classic V1.3.1774.0. The exploit is triggered by creating a malicious .mpcpl file containing a large number of alink tags. When the file is opened in Media Player Classic, the application will crash due to the large size of the file.
An long Write Request (1000 A's) will cause SolarWinds TFTP Server to crash.
DaLogin 2.2 is vulnerable to a remote arbitrary file upload vulnerability. This vulnerability exists due to a lack of authentication and validation of the uploaded file. An attacker can exploit this vulnerability by sending a malicious file to the upload.php script via a POST request. This can allow an attacker to upload a malicious file to the server and execute arbitrary code.
An attacker can exploit a local file inclusion vulnerability in Parallels System Automation (PSA) to gain access to sensitive files on the server. By manipulating the 'help_id' parameter in the 'servlet/Help' URL, an attacker can include arbitrary files from the web server. This can be exploited to include the '/etc/passwd' file, which contains the usernames and passwords of all users on the system.
A remote file include vulnerability exists in ardeaCore 2.2, which allows an attacker to include a remote file on the vulnerable server. The vulnerability is due to the page parameter in the index.php script not properly sanitizing user-supplied input. An attacker can exploit this vulnerability by sending a malicious URL in the page parameter. This can result in arbitrary remote code execution on the vulnerable server.
Services By CQR