FoxPlayer 1.7.0 is vulnerable to a local buffer overflow vulnerability. The vulnerability is caused due to a boundary error within the processing of .m3u files. This can be exploited to cause a stack-based buffer overflow by enticing a user to open a specially crafted .m3u file with FoxPlayer 1.7.0. Successful exploitation may allow execution of arbitrary code.
Opera Web Browser is vulnerable to Denial of Service (DoS) within its javascript tags (alert). This issue can be exploited by using a large value in an alert tag to create an out-of-bounds memory access. This vulnerability was first discovered in version 9.10 and is still present in version 10.10.
ManageEngine OpUtils 5 is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
UplusFtp Server 1.7.0.12 is vulnerable to a remote buffer overflow attack. The vulnerability exists in the CWD, DELE, LIST, MKD, NLST (and etc) commands. An attacker can exploit this vulnerability by sending a specially crafted payload to the vulnerable server. This payload contains a malicious shellcode that will be executed on the vulnerable system.
myBusinessAdmin is vulnerable to Blind Sql Injection. An attacker can inject malicious SQL queries into the vulnerable parameter 'id' of the content.php page. This can be exploited to gain access to sensitive information from the database.
The vulnerability exists in the links.php page of the cityadmin script. An attacker can exploit this vulnerability by sending a malicious SQL query to the vulnerable page. This can be done by appending a malicious SQL query to the id parameter of the vulnerable page. For example, an attacker can send a request like www.site.com/links.php?id=NULL+and+1=1 to check if the query is true or false.
A Blind SQL Injection vulnerability exists in RealAdmin's detail.php page, which can be exploited by malicious people to conduct SQL injection attacks. The vulnerability is caused due to the user input passed to the 'id' parameter not being properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation may allow execution of arbitrary SQL commands and compromise the application, disclose sensitive information, etc.
A vulnerability in the PHP Car Rental-Script allows an attacker to bypass authentication by entering ' or '1=1/* as the username and password. This allows the attacker to gain access to the application without valid credentials.
KubeLance script lack of cross site request forgery protection, allowing us to make exploit and add new admin user.
MobPartner Chat is vulnerable to multiple SQL Injection vulnerabilities. Attackers can exploit these vulnerabilities to gain access to the admin panel, FTP control panel, and root server. Attackers can use the 'null+and+1=2+union+select+1,concat(id,0x3a,username,0x3a,password),3,4,5,6+from+texad_admin.users--' payload to gain access to the admin panel, 'null+and+1=2+union+select+1,concat(user,0x3a,password),3,4,5,6+from+pureftpd.ftpd--' payload to gain access to the FTP control panel, and 'null+and+1=2+union+select+1,concat(host,0x3a,user,0x3a,password),3,4,5,6+from+mysql.user--' payload to gain access to the root server.
Services By CQR