Explore Vulnerabilities

Explore all Exploits:

AIDA64 Business 5.99.4900 – SEH Buffer Overflow (EggHunter)

The program has SEH buffer overflows in several places; this code shows one of them. To optimize the code, a 'stack pivot' has been used that is the same in the Extreme, Engineer, and Network Audit Editions. All the old versions of the program that are available on sites like soft32.com or at https://www.aida64.com/downloads/archive have the same vulnerability at different offsets. This technique (EggHunter) has been used to find the exact address of the shellcode.

Fiverr Clone Script 1.2.2 – SQL Injection / Cross Site Scripting

A vulnerability exists in Fiverr Clone Script 1.2.2 which allows an attacker to inject malicious SQL commands or execute Cross Site Scripting attacks. This can be exploited by sending a specially crafted HTTP request to the vulnerable application. Successful exploitation could result in unauthorized access to sensitive data or the execution of arbitrary code.

Inout RealEstate – SQL Injection

Inout RealEstate is vulnerable to SQL Injection. An attacker can exploit this vulnerability by sending a malicious payload to the vulnerable parameter 'city' in the 'agentlistdetails' page. The payload 'brokername=&city=1' RLIKE (SELECT (CASE WHEN (8778=8778) THEN 1 ELSE 0x28 END)) AND 'VZpy'='VZpy&cityname=e&page=1&sortby=1' can be used to exploit this vulnerability.

Inout EasyRooms Ultimate Edition – SQL Injection

Inout EasyRooms Ultimate Edition is prone to multiple SQL injection vulnerabilities. An attacker can exploit these vulnerabilities to gain access to sensitive information stored in the database. The vulnerabilities exist in the 'guests', 'location', 'numguest' and 'property1' parameters of the 'search/rentals' and 'search/searchdetailed' scripts, respectively. An attacker can send a malicious payload to the vulnerable parameters to execute arbitrary SQL commands in the context of the application's database user.

CentOS Web Panel 0.9.8.789 – NameServer Field Stored Cross-Site Scripting Vulnerability

CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.789 is vulnerable to Stored/Persistent XSS for the 'Name Server 1' and 'Name Server 2' fields via the 'Edit Nameservers IPs' action under 'DNS Functions'. This is because the application does not properly sanitize the user's input.

Memory Corruption Vulnerability in GnuTLS

This is a critical memory corruption vulnerability in any API backed by verify_crt(), including gnutls_x509_trust_list_verify_crt() and related routines. The core bug is that _gnutls_x509_get_signature does not clear signature->data in the cleanup path. Callers like check_if_ca assume that if _gnutls_x509_get_signature ever sets that parameter, then it can be safely freed, but that is not true.

BigTree CMS – ‘parent’ SQL Inj.

BigTree CMS is vulnerable to SQL Injection in the 'parent' parameter. An attacker can exploit this vulnerability to gain access to sensitive information from the database. The attack pattern is -1%27+and+6%3d3+or+1%3d1%2b(SELECT+1+and+ROW(1%2c1)%3e(SELECT+COUNT(*)%2cCONCAT(CHAR(95)%2cCHAR(33)%2cCHAR(64)%2cCHAR(52)%2cCHAR(100)%2cCHAR(105)%2cCHAR(108)%2cCHAR(101)%2cCHAR(109)%2cCHAR(109)%2cCHAR(97)%2c0x3a%2cFLOOR(RAND(0)*2))x+FROM+INFORMATION_SCHEMA.COLLATIONS+GROUP+BY+x)a)%2b%27. The POST method used is http://localhost/BigTree-CMS/site/index.php/admin/pages/create/.

NewJobPortal v3.1 – ‘job_submit’ SQL Inj.

NewJobPortal v3.1 is vulnerable to a SQL injection vulnerability in the 'job_submit' parameter. An attacker can exploit this vulnerability by sending a specially crafted HTTP POST request to the vulnerable application with the 'job_submit' parameter set to a malicious SQL query. This can allow an attacker to gain access to sensitive information from the database.

Microsoft Visio 2016 (16.0.4738.1000) ‘Log in accounts’ allows go on with email formed by one thousand A in each of its parts AAA—A@AAA–A.AAA—A

Microsoft Visio 2016 (16.0.4738.1000) is vulnerable to a buffer overflow attack when a user attempts to log in with an email address formed by one thousand A characters in each of its parts. This can be achieved by running the generator.c code, which creates a file called letters.txt containing one thousand A characters. The user then needs to copy the content of the file to the clipboard, open Visio 2016, click on 'Change account or Login', paste the clipboard, type @, paste the clipboard again, type ., paste the clipboard for the last time, click on 'Next' and then click on 'Professional account'. Visio 2016 will not respond and will remain in a white window without sending any message.

Recent Exploits: