Explore all Exploits:

poc-exploit.c for CVE-2018-14634

poc-exploit.c is a proof-of-concept exploit for CVE-2018-14634, a buffer overflow vulnerability in the Linux kernel. The exploit uses a combination of environment variables and memory mapping to create a buffer overflow in the kernel. The exploit is capable of creating a buffer of up to 2^31 bytes, which can be used to overwrite kernel memory and potentially gain root privileges.

Flippa Marketplace Clone 1.0 – ‘date_started’ SQL Injection

Flippa Marketplace Clone 1.0 is vulnerable to SQL Injection. An attacker can inject malicious SQL queries via the 'date_started' and 'sortDir' parameters in the 'site-search' script. This can be exploited to read, modify or delete data from the database.

Binary MLM Software 1.0 – ‘pid’ SQL Injection

An unauthenticated attacker can inject arbitrary SQL commands via the 'pid' parameter in the 'tree.php' script. By exploiting this vulnerability, malicious users can compromise the application, access or modify sensitive data, use various SQL injection techniques such as UNION-based and boolean-based blind injection, and execute arbitrary system commands.

Singleleg MLM Software 1.0 – ‘msg_id’ SQL Injection

Singleleg MLM Software 1.0 is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this vulnerability to manipulate SQL queries by injecting arbitrary SQL code. This may allow the attacker to access or modify data in the back-end database, compromise the application, access or elevate privileges, or exploit latent vulnerabilities in the underlying database implementation.

Education Website 1.0 – ‘subject’ SQL Injection

A SQL injection vulnerability exists in Education Website 1.0, which allows an attacker to execute arbitrary SQL commands via the 'subject' and 'city' parameters in college_list.html. An attacker can use the 'UNION' operator to inject malicious SQL code into the application, which can be used to extract data from the database.

Hotel Booking Engine 1.0 – ‘h_room_type’ SQL Injection

A SQL injection vulnerability exists in Hotel Booking Engine 1.0, which allows an attacker to execute arbitrary SQL commands via the 'h_room_type' and 'destination' parameters. An attacker can use this vulnerability to gain access to sensitive information from the database, such as user credentials, or to modify data.
