A vulnerability in Aerospike Database 5.1.0.3 allows an attacker to execute arbitrary OS commands on the vulnerable system. This is due to the lack of proper input validation when handling user-supplied data. An attacker can exploit this vulnerability by sending a specially crafted request to the vulnerable system. Successful exploitation of this vulnerability can lead to complete compromise of the vulnerable system.
A successful attempt would require the local user to be able to insert their code in the system root path undetected by the OS or other security applications where it could potentially be executed during application startup or reboot. If successful, the local user's code would execute with the elevated privileges of the application.
An SQL injection vulnerability was discovered in PHP-Doctor-Appointment-System. In getuser.php file, GET parameter 'q' is vulnerable. The vulnerability could allow for the improper neutralization of special elements in SQL commands and may lead to the product being vulnerable to SQL injection.
An attacker can gain admin panel access using malicious sql injection queries.
This exploit is a python script that can be used to launch a DoS attack or privilege escalation attack on Cisco 7937G devices running SIP-1-4-5-5 or SIP-1-4-5-7. The script takes a target IP address, attack type, username, and password as arguments. Attack type 1 is a DoS attack with automatic device reset, attack type 2 is a DoS attack without automatic device reset, and attack type 3 is a privilege escalation attack that changes the SSH credentials of the target device.
Atheros Coex Service Application 8.0.0.255 has an unquoted service path. The PoC shows that the service 'ZAtheros Bt&Wlan Coex Agent' is running with an unquoted service path. The service is set to auto start.
An attacker can gain admin panel access using malicious sql injection quiries.
A successful attempt would require the local user to be able to insert their code in the system root path undetected by the OS or other security applications where it could potentially be executed during application startup or reboot. If successful, the local user's code would execute with the elevated privileges of the application.
A blind SQL injection vulnerability exists in the 'CG Items' functionality of Pandora FMS. The vulnerable parameter is 'data'.
This exploit allows an authenticated user to read arbitrary files from the October CMS <= Build 465. The exploit requires the user to have the privilege to modify assets and a valid cookie value. The relative path to the target file is required to exploit the vulnerability.
Services By CQR