The 'email' parameter in the path '/medical/login.php' is vulnerable to time-based blind SQL injection, which allows retrieval of all databases.
WordPress sites that use EventOn Calendar are vulnerable to reflected XSS through JavaScript payloads injected into the search field.
An attacker can access the upload function of the application without authenticating, and can also upload files because of an unrestricted file upload issue: the upload checks can be bypassed by changing the content-type and changing the file name to use double extensions.
An attacker can change the admin e-mail address by sending a POST request to the admin page view preferences and changing the e-mail address.
This exploit connects to the FTP service and sends a command with a size of 256 bytes and a trailing space at the end. As a result, the service crashes.
An authentication bypass vulnerability exists in Intelbras Router RF 301K 1.1.2. An attacker can send a specially crafted HTTP request to the router to bypass authentication and gain access to the router configuration file.
Rejetto HttpFileServer 2.3.x is vulnerable to Remote Command Execution. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable server. This request contains a malicious payload which is then executed on the server. This vulnerability was discovered by Óscar Andreu and is tracked as CVE-2014-6287.
ATX/PicoDigital MiniCMTS200a Broadband Gateway v2.0 is vulnerable to credential disclosure. An attacker can send a POST request to the '/inc/user.ini' endpoint to retrieve usernames and hashes of the users.
An authenticated persistent XSS vulnerability was discovered in the Best Support System (tested version: v3.0.4). The vulnerability can be exploited by sending a malicious payload in the 'ticket_body' parameter of a POST request.
A stack-based buffer overflow vulnerability exists in libupnp 1.6.18, which could allow an attacker to cause a denial of service (DoS) condition. The vulnerability is due to a lack of proper validation of user-supplied data when handling M-SEARCH packets. An attacker can send a specially crafted M-SEARCH packet to the vulnerable server, resulting in a stack-based buffer overflow. This can allow the attacker to execute arbitrary code in the context of the application.