This exploit is for a remote code execution vulnerability in a web application. It allows an attacker to execute arbitrary code on the target system by sending a specially crafted request to the vulnerable application.
This module exploits a vulnerability in Microsoft Windows Installer (msiexec.exe) by using a specially crafted .msi file. The vulnerability exists in the way Windows Installer validates the digital signature of a specially crafted .msi file. An attacker can exploit this vulnerability by convincing a user to install a malicious .msi file. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the target system. This vulnerability was discovered by the Google Project Zero team and was assigned CVE-2020-1019.
The PhpSpreadsheet library is affected by XXE injection. This vulnerability could be leveraged to read files from a server that hosts an application using this library. An attacker who exploited this vulnerability could extract secrets, passwords, source code, and other sensitive data stored on the filesystem.
This exploit is a remote code execution vulnerability in the AFP Server service of Mac OS X 10.5.8. It allows an attacker to execute arbitrary code on the vulnerable system by sending a specially crafted AFP request packet. The vulnerability is caused by a stack-based buffer overflow in the AFP Server service, which can be triggered by sending a specially crafted AFP request packet with an overly long filename. The overflow occurs when the filename is copied into a fixed-length buffer on the stack. This can be exploited to execute arbitrary code on the vulnerable system.
keybase-redirector is a setuid root binary. keybase-redirector calls the fusermount binary using a relative path and the application trusts the value of $PATH. This allows a local, unprivileged user to trick the application to executing a custom fusermount binary as root.
This exploit is a buffer overflow vulnerability in the MySQL protocol. It allows an attacker to send a specially crafted packet to the MySQL server, which can cause the server to crash or execute arbitrary code.
A buffer overflow vulnerability in Angry IP Scanner for Linux 3.5.3 can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to a boundary error when handling user supplied data. This can be exploited to cause a stack-based buffer overflow via an overly long, specially crafted string passed to the application. Successful exploitation of this vulnerability may allow execution of arbitrary code.
The parameter 'filterType' in /attachments.php is vulnerable to Time Based Blind SQL Injection.
WSTMart 2.0.8 is vulnerable to Cross-Site Request Forgery (CSRF) in the staff management module. An attacker can craft a malicious HTML page that when visited by an authenticated admin user, will add a new admin user with the credentials specified in the malicious HTML page. This can be exploited to gain access to the admin panel.
WSTMart 2.0.8 is vulnerable to Cross-Site Scripting (XSS). An attacker can inject malicious JavaScript code into the 'consultContent' parameter of the 'mall some commodity details - commodity consultation' function, which is then stored in the application and executed when the page is loaded. This can be used to steal user data or perform other malicious actions.
Services By CQR