Explore Vulnerabilities

Explore all Exploits:

Bootstrapy CMS – Multiple SQL Injection

Bootstrapy CMS is vulnerable to multiple SQL Injection attacks. The vulnerable parameters are thread_id, subject, post-id and thread-id. Attack patterns include 0'XOR(if(now()=sysdate()%2Csleep(5)%2C0))XOR'Z, 0'XOR(if(now()=sysdate()%2Csleep(5)%2C0))XOR'Z, 0'XOR(if(now()=sysdate()%2Csleep(5)%2C0))XOR'Z and 0'XOR(if(now()=sysdate()%2Csleep(0)%2C0))XOR'Z respectively.

uHotelBooking System – ‘system_page’ SQL Injection

uHotelBooking is a powerful hotel management and online booking/reservation site script. The vulnerability exists due to improper validation of user-supplied input in the 'system_page' parameter of the 'index.php' script. A remote attacker can send a specially crafted HTTP request to execute arbitrary SQL commands in the application's database.

Netartmedia Vlog System – ‘email’ SQL Injection

Netartmedia Vlog System is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this vulnerability to manipulate SQL queries by injecting arbitrary SQL code. This may allow the attacker to access or modify data in the back-end database, compromise the application, access or escalate privileges, or execute arbitrary commands on the operating system.

Netartmedia Deals Portal – ‘Email’ SQL Injection

Netartmedia Deals Portal is vulnerable to SQL Injection. An attacker can exploit this vulnerability by sending a crafted POST request to the loginaction.php page with a malicious payload in the 'Email' parameter. The payload will cause the server to sleep for 0 seconds if the current date is equal to the system date.

PLC Wireless Router GPN2.4P21-C-CN – Cross-Site Request Forgery (CSRF)

ChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices with firmware W2001EN-00 have a CSRF vulnerability via the cgi-bin/webproc?getpage=html/index.html subpage=wlsecurity URI, allowing an attacker to change the Wireless Security Password.

PLC Wireless Router GPN2.4P21-C-CN – Incorrect Access Control

ChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices with firmware W2001EN-00 have an Incorrect Access Control vulnerability via the cgi-bin/webproc?getpage=html/index.html subpage=wlsecurity URI, allowing an attacker to change the Wireless Security Password.

NetShareWatcher 1.5.8.0 – SEH Buffer Overflow

NetShareWatcher 1.5.8.0 is vulnerable to an SEH buffer overflow. An attacker can exploit this vulnerability by running malicious Python code to create a file containing a payload of 262 bytes followed by a short jump, a pop esi pop ebx retn instruction, and 20 NOPs. The payload is then pasted into the 'Custom' box in the 'Restrictions' tab of the 'Settings' menu. When the 'Find' button is clicked, the payload is executed, resulting in the execution of arbitrary code.

Recent Exploits: