SIPp 3.3.990 is vulnerable to a local buffer overflow vulnerability. An attacker can exploit this vulnerability by providing a large string of 'A's as an argument to the -trace_logs, -message_file, -calldebug_file, and -trace_err options. This will cause a segmentation fault and crash the application.
A buffer overflow vulnerability exists in QNAP NetBak Replicator 4.5.6.0607, which can be triggered by sending a specially crafted string of 5000 'A' characters to the 'Dirección URL WebDAV' field. This can cause the application to crash.
It is a plugin which adds a page to download files. If enabled, regular members can add new downloads to the page after admin approval. An attacker can exploit this vulnerability by creating a new download and adding the following to the title: a". This will prompt the user to an SQL Injection specific error which can be exploited with sqlmap -r request_file -p name --threads 5.
A vulnerability in ZyXEL VMG3312-B10B firmware version 1.00(AAPP.0)D7 allows an attacker to gain access to the modem's FTP server using the credentials 'support' and 'support'. By downloading the file '/var/csamu' from the FTP server, an attacker can gain access to the credentials of all users of the modem. The credentials are stored in the file in base64 encoded format.
A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges.
An authenticated Telnet command execution vulnerability exists in NETGEAR WiFi Router R6120 with firmware version 1.0.0.30. An attacker can exploit this vulnerability by sending a POST request to http://192.168.1.1/401_recovery.htm with the serial number of the router. This will bypass the security questions and allow the attacker to gain access to the router admin username and password. The attacker can then use the credentials to telnet into the router and execute commands.
An Arbitrary File Upload vulnerability exists in Webiness Inventory 2.9 which allows an attacker to upload a malicious file to the server. This vulnerability exists due to insufficient validation of the uploaded file in the WsSaveToModel.php file. An attacker can exploit this vulnerability by sending a malicious file to the server via a POST request to the WsSaveToModel.php file.
A buffer overflow vulnerability was discovered in R 3.4.4 running on Windows 10 x86. The vulnerability was discovered by bzyo and was authored by Charles Truscott. The exploit involves pasting a file called 'boom.txt' into the 'Language for menus ...' field in the GUI Preferences. The exploit uses a combination of POP, MOV, XCHG, NEG, and PUSHAD instructions to gain control of the program.
Electricks eCommerce 1.0 is vulnerable to SQL Injection. This vulnerability exists due to insufficient sanitization of user-supplied input in the 'prodid' parameter of the 'index_search.php' and 'product_details.php' scripts. An attacker can exploit this vulnerability to inject and execute arbitrary SQL commands in the application's backend database.
phptpoint Pharmacy Management System SQL injection suffers from a SQL injection vulnerability that allows an attacker to bypass the login page and authenticate as admin or any other user. The vulnerable code is located in the index.php file, where the username and password are not properly sanitized before being used in a SQL query. An attacker can exploit this vulnerability by sending a specially crafted HTTP POST request with a malicious payload.
Services By CQR