The 'index.php' file of the PHP File Browser Script 1 is vulnerable to directory traversal. An attacker can see and read any file whose name is known by using the 'path' parameter in the URL.
Logicspice FAQ Script 2.9.7 allows arbitrary file upload, which leads to remote command execution on the server. An attacker can create a file containing malicious PHP code and upload it to the server via the admin portal. The attacker can then execute arbitrary commands on the server by accessing the uploaded file with a GET request.
Run the Python script; it will create a new file 'wiki.txt'. Copy the text from the generated wiki.txt file to the clipboard and paste it into the search bar in the top right of the app. The app will now crash.
An attacker can execute SQL commands through vulnerable parameters. An authorized user can use the filtering feature to gain full access to the database or other server information. There are also XSS vulnerabilities.
The vulnerability exists due to a boundary error when handling user-supplied input in the 'Server address' field. A remote attacker can create a specially crafted input, send it to the vulnerable application and execute arbitrary code on the system. An attacker can exploit this vulnerability to cause a denial of service condition.
Upon opening a specially crafted .ELX file in Event Log Explorer, remote attackers can potentially gain access to local files.
The vulnerability exists due to a boundary error when handling user-supplied input. A remote attacker can send a specially crafted input to the vulnerable application, causing a denial of service condition. To exploit the vulnerability, an attacker must send a specially crafted input to the vulnerable application.
An attacker can cause a denial of service (DoS) condition on the D-Link DIR-615 router by sending a maliciously crafted HTTP request with a long Authorization header. This will cause the router to crash and the network connection to be lost.
Visual Ping 0.8.0.0 is vulnerable to a denial of service attack when the user inputs a specially crafted string into the 'Host, Time Out, packet size, Pause, Loops' fields. An attacker can exploit this vulnerability by executing the Visual_Ping.py code, copying the contents of VisualPing.txt to the clipboard, executing VPing.exe, and then pasting the clipboard contents into the 'Host, Time Out, packet size, Pause, Loops' fields. When the 'Start' button is clicked, the application will crash.
DamiCMS v6.0.0 allows CSRF to change the administrator account's password. After the administrator logs in and opens the PoC, the administrator account's password will be changed to 123123.