When libseccomp compiles filters for 64-bit systems, it has to split each 64-bit comparison into 32-bit comparisons, because classic BPF cannot operate on 64-bit values directly. libseccomp offers both bitwise comparisons (NE, EQ, MASKED_EQ) and arithmetic comparisons (LT, LE, GE, GT). A bitwise comparison can always be implemented with at most two 32-bit comparisons (one per half), but that does not work for arithmetic comparisons, because the result of the low-word comparison only matters when the high words are equal. Consider a filter that checks whether args[0] < 0x123456789abc. The cases are: args[0].high < 0x1234: match; args[0].high > 0x1234: no match; args[0].high == 0x1234 && args[0].low < 0x56789abc: match; args[0].high == 0x1234 && args[0].low >= 0x56789abc: no match. But the seccomp filter that libseccomp actually generates for this rule handles the case args[0].high > 0x1234 && args[0].low < 0x56789abc incorrectly, even though the high word alone should already make it a non-match.
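To make the four cases concrete, here is an added example (written for this page, not libseccomp's code) that emulates the decomposition of a 64-bit "arg < K" rule into the 32-bit comparisons classic BPF can perform. `lt64_correct` encodes the case table above; `lt64_flawed` is a constructed variant that omits the "high word greater" exit so control falls through to the low-word test, which reproduces the failure mode the advisory describes (it is an illustration of that class of mistake, not a reproduction of libseccomp's generated filter). The constant `K` and the sample inputs are taken from, or chosen around, the advisory's example value.

```python
# Added example (not libseccomp's code): emulate how a 64-bit "arg < K" rule
# must be decomposed into 32-bit comparisons, the only kind classic BPF has,
# and contrast it with a flawed decomposition that mishandles the case the
# advisory describes (high word greater, low word smaller).

MASK32 = 0xFFFFFFFF
K = 0x123456789ABC          # the constant from the advisory's example rule


def split64(value):
    """Return (high, low) 32-bit halves, the two words a cBPF filter can load."""
    value &= (1 << 64) - 1
    return (value >> 32) & MASK32, value & MASK32


def lt64_correct(arg, k):
    """Unsigned 64-bit 'arg < k' built only from 32-bit comparisons.

    The low-word comparison is consulted only when the high words are equal;
    otherwise the high word alone decides, which is what a correct cBPF
    program must encode in its jump targets.
    """
    ah, al = split64(arg)
    kh, kl = split64(k)
    if ah < kh:
        return True          # args.high <  k.high: match
    if ah > kh:
        return False         # args.high >  k.high: no match
    return al < kl           # args.high == k.high: low word decides


def lt64_flawed(arg, k):
    """Illustrative flawed decomposition (a construction for this example,
    not libseccomp's actual generated filter): the 'high word greater'
    outcome is never terminated, so control falls through to the low-word
    test and a small low word turns a non-match into a match."""
    ah, al = split64(arg)
    kh, kl = split64(k)
    if ah < kh:
        return True
    # BUG: no 'ah > kh -> False' branch here
    return al < kl


def compare_cases(k=K):
    """One constructed input per case from the advisory.

    Returns {case: (correct, flawed, native)} where native is the 64-bit
    comparison the filter is supposed to implement.
    """
    inputs = {
        "high_less":         0x1233FFFFFFFF,   # high 0x1233 < 0x1234
        "high_greater":      0x123500000000,   # high 0x1235 > 0x1234, low 0
        "high_eq_low_less":  0x123400000000,   # high equal, low < 0x56789abc
        "high_eq_low_ge":    0x123456789ABC,   # high equal, low == 0x56789abc
    }
    return {name: (lt64_correct(v, k), lt64_flawed(v, k), v < k)
            for name, v in inputs.items()}


def exhaustive_check(k=K, samples=None):
    """Cross-check both decompositions against the native comparison on
    boundary values around k; returns the names of functions that disagree."""
    kh, kl = split64(k)
    if samples is None:
        samples = [
            0, 1, k - 1, k, k + 1, (1 << 64) - 1,
            (kh << 32), (kh << 32) | MASK32,
            ((kh - 1) << 32) | kl, ((kh + 1) << 32) | kl,
            ((kh + 1) << 32) | (kl - 1),
        ]
    bad = set()
    for v in samples:
        if lt64_correct(v, k) != (v < k):
            bad.add("lt64_correct")
        if lt64_flawed(v, k) != (v < k):
            bad.add("lt64_flawed")
    return sorted(bad)


if __name__ == "__main__":
    for name, res in compare_cases().items():
        print(f"{name:18s} correct={res[0]!s:5} flawed={res[1]!s:5} native={res[2]}")
    print("disagree with native:", exhaustive_check())
```

The `high_greater` row is the one that matters: the flawed decomposition reports a match for 0x123500000000 although the value is larger than K, which for an LT rule on a syscall argument means a value the policy meant to reject is let through.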
The real estate portal software is multi-language: the main site can be displayed in several languages and lets visitors choose their preferred one. The vulnerability exists due to improper validation of user-supplied input in the 'user_email' and 'page' parameters of the 'index.php' script. A remote attacker can send a specially crafted request containing SQL statements to the vulnerable script and execute arbitrary SQL commands in the application's database. This allows the attacker to bypass authentication and to read, modify and delete data in the database.
PHP Mall is one of the first multi-store, multi-vendor PHP scripts (offered since 2006) and is still used on many websites today. PoC 1: An attacker can send a malicious HTTP GET request to the vulnerable application with a specially crafted payload in the 'id' parameter. PoC 2: An attacker can send a malicious HTTP POST request to the vulnerable application with a specially crafted payload in the 'Email' parameter.
Advanced Host Monitor 11.92 beta is vulnerable to a local buffer overflow. An attacker can exploit it by opening the application, navigating to Tools > Trace (or Telnet), pasting the contents of egg.txt into the Host field, and starting the trace. The attacker then closes Advanced Host Monitor, navigates to Options > Startup, pastes the contents of egghunter-winxp-win7.txt or egghunter-win10.txt (depending on the Windows version) into the Load Specific HTML File field, saves the changes, and waits briefly for the shellcode (Calc) to run.
eNdonesia Portal is vulnerable to SQL injection. Attackers can exploit it by sending malicious SQL through the 'bid' parameter of 'banners.php' and the 'uid' parameter of 'user.php'. An attacker can use this to access the database and execute arbitrary queries.
This plugin shows upcoming calendar events on the forum index and portal page. Event names are vulnerable to stored XSS. Go to the calander.php page and add a new event, entering <script>alert('XSS')</script> as the event name. The payload is executed when index.php is loaded.
Gila CMS is vulnerable to cross-site scripting (XSS). An attacker can inject JavaScript into the application's search parameter; when a user visits the vulnerable page, the injected code is executed in the user's browser. This can be used to steal user data, hijack sessions, redirect users to malicious websites, and so on.
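The two XSS entries above differ only in where the attacker-controlled string comes from (a stored event name versus a reflected search parameter); the rendering mistake is the same. The following added example (written for this page, not code from either project) renders both in a vulnerable and a hardened form, so the effect of output encoding can be checked without a browser. The sample event names, the attribute-breakout string and the helper names are constructed for the example; the `<script>alert('XSS')</script>` payload is the one the plugin entry uses.

```python
import html

# Constructed sample inputs (not from the advisories): one benign event name,
# the script payload from the plugin entry, and an attribute-context payload.
PAYLOAD = "<script>alert('XSS')</script>"
ATTR_PAYLOAD = '" autofocus onfocus="alert(1)'
EVENTS = ["Release party", PAYLOAD]


def render_events_unsafe(names):
    """Vulnerable: event names are concatenated into the page verbatim, so a
    stored name containing markup becomes part of the index page's DOM."""
    items = "".join(f"<li>{name}</li>" for name in names)
    return f'<ul class="upcoming">{items}</ul>'


def render_events_safe(names):
    """Hardened: every name is HTML-escaped for the element-content context."""
    items = "".join(f"<li>{html.escape(name, quote=True)}</li>" for name in names)
    return f'<ul class="upcoming">{items}</ul>'


def render_search_unsafe(term):
    """Vulnerable reflected case: the search term is echoed back both as text
    and inside an attribute value without encoding."""
    return (f"<p>Results for {term}</p>"
            f'<input type="text" name="search" value="{term}">')


def render_search_safe(term):
    """Hardened: escape for both contexts. quote=True also encodes the quote
    characters that would otherwise let a term break out of the attribute."""
    safe = html.escape(term, quote=True)
    return (f"<p>Results for {safe}</p>"
            f'<input type="text" name="search" value="{safe}">')


def payload_survives(page, payload=PAYLOAD):
    """True if the raw payload appears unchanged in the rendered page, the
    quick check a tester makes before confirming execution in a browser."""
    return payload in page


if __name__ == "__main__":
    print(render_events_unsafe(EVENTS))
    print(render_events_safe(EVENTS))
    print(render_search_unsafe(ATTR_PAYLOAD))
    print(render_search_safe(ATTR_PAYLOAD))
```

Note that escaping only `<` and `>` would have left the attribute case exploitable: the second payload never uses an angle bracket, it closes the `value` attribute with a quote and adds an event handler, which is why `quote=True` is part of the hardened form.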
TheCarProject v2 is vulnerable to SQL Injection in the 'man_id' and 'car_id' parameters. An attacker can exploit this vulnerability to gain access to the database and execute arbitrary SQL commands.
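The SQL injection entries above (the real estate portal's 'user_email' and 'page', eNdonesia's 'bid' and 'uid', TheCarProject's 'man_id' and 'car_id') describe two shapes of the same flaw: a string parameter spliced into a login query, and a numeric id spliced into a lookup. The following added example (written for this page, not code from any of those applications) reproduces both against an in-memory SQLite database and shows the parameterized form beside each. The table, the users, the plaintext passwords and the helper names are constructed for the example; the two injection strings are standard patterns and are not taken from the advisories.

```python
import sqlite3

# Constructed sample data (not from the advisories). Passwords are stored in
# plaintext only to keep the example short; a real application hashes them.
USERS = [
    ("admin@example.com", "s3cret", 1),
    ("alice@example.com", "hunter2", 0),
    ("bob@example.com", "letmein", 0),
]

AUTH_BYPASS_EMAIL = "x' OR 1=1 --"   # closes the string, then comments out the password check
ENUM_ID = "1 OR 1=1"                  # turns a single-row lookup into a full dump


def setup_db():
    """Create an in-memory database with the constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, "
                 "password TEXT, is_admin INTEGER)")
    conn.executemany("INSERT INTO users (email, password, is_admin) VALUES (?, ?, ?)", USERS)
    conn.commit()
    return conn


def login_vulnerable(conn, user_email, password):
    """String-built query: the email parameter becomes part of the SQL text."""
    sql = ("SELECT id, email, is_admin FROM users "
           f"WHERE email = '{user_email}' AND password = '{password}'")
    return conn.execute(sql).fetchone()


def login_safe(conn, user_email, password):
    """Parameterized query: values travel separately from the SQL, so quotes
    and comment markers in the input are just characters in a string."""
    sql = "SELECT id, email, is_admin FROM users WHERE email = ? AND password = ?"
    return conn.execute(sql, (user_email, password)).fetchone()


def lookup_vulnerable(conn, id_param):
    """Numeric parameter concatenated unquoted, like a 'bid', 'uid' or 'car_id'."""
    return conn.execute(f"SELECT id, email FROM users WHERE id = {id_param}").fetchall()


def lookup_safe(conn, id_param):
    """Validate the shape first (a plain non-negative integer), then bind it."""
    if not isinstance(id_param, str) or not id_param.isdigit():
        return []
    return conn.execute("SELECT id, email FROM users WHERE id = ?",
                        (int(id_param),)).fetchall()


def demo():
    """Run each vulnerable/safe pair against the same injected inputs."""
    conn = setup_db()
    return {
        "bypass_vulnerable": login_vulnerable(conn, AUTH_BYPASS_EMAIL, "wrong"),
        "bypass_safe": login_safe(conn, AUTH_BYPASS_EMAIL, "wrong"),
        "dump_vulnerable": lookup_vulnerable(conn, ENUM_ID),
        "dump_safe": lookup_safe(conn, ENUM_ID),
        "legit_safe": lookup_safe(conn, "2"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:18s} {result}")
```

The login bypass returns the first row in the table, which is why these advisories say the attacker can authenticate as an existing user: with `AND password = ...` commented out, the query no longer depends on the password at all. The numeric case needs no quote at all, so the fix there is input validation plus binding, not escaping.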
A Local Denial of Service vulnerability exists in WinAVI iPod/3GP/MP4/PSP Converter 4.4.2. An attacker can create a malicious AVI file with 6000 bytes of 'A' characters and open it in WinAVI.exe to cause a crash.
A vulnerability in WinMPG Video Convert allows an attacker to cause a denial of service by creating a file with a large number of 'A' characters and pasting its contents into the 'Name and Registration Code' field when registering the software.