Explore Vulnerabilities

Explore all Exploits:

Remote Code Execution Vulnerability in ARMBot

This exploit allows an attacker to execute arbitrary code on the vulnerable server by exploiting a vulnerability in the ARMBot application. The vulnerability exists due to insufficient input validation in the upload.php script, which allows an attacker to upload a malicious file containing arbitrary code to the server. The attacker can then access the malicious file via a specially crafted URL.

Heap Overflow in [NSURL initWithCoder:]

When an NSURL is deserialized, one property its plist can contain is NS.minimalBookmarkData, which is then used as a parameter for [NSURL URLByResolvingBookmarkData:options:relativeToURL:bookmarkDataIsStale:error:]. This method uses a wide variety of code to parse the provided bookmark data. On a Mac, if the data is a pre-2012 alias file, it will be processed using the FSResolveAliasWithMountFlags function in the CarbonCore framework. This function can eventually call ALI_GetUTF8Path, which has an unsafe call to strcat_chk, leading to memory corruption.

Rest – Cafe and Restaurant Website CMS – SQL Injection

An attacker can exploit a SQL injection vulnerability in the Rest - Cafe and Restaurant Website CMS by sending a specially crafted GET request to the news.php page with the vulnerable parameter 'slug'. This can allow the attacker to execute arbitrary SQL commands on the underlying database.

WebIncorp ERP – SQL injection

A SQL injection vulnerability exists in WebIncorp ERP, which allows an attacker to execute arbitrary SQL commands via the vulnerable parameter 'prod_id' in the 'product_detail.php' page. An attacker can send a specially crafted GET request to the vulnerable page to exploit this vulnerability.

Extenua SilverSHielD 6.x local privilege escalation

Extenua SilverShield 6.x fails to secure its ProgramData subfolder. This module exploits this by injecting a new user into the database and then using that user to log in to the SSH service and obtain SYSTEM. This results in FULL SYSTEM COMPROMISE. At the time of disclosure, no fix has been issued by the vendor.

Recent Exploits: