The MOTIONBORG Web Real Estate version 2.1 and below is vulnerable to remote SQL injection. An attacker can exploit this vulnerability to execute arbitrary SQL commands and gain unauthorized access to the database.
The vulnerability allows an attacker to execute arbitrary code on the target system by injecting a malicious file through the 'INC' parameter in various PHP scripts.
The SpamBam plugin for WordPress is vulnerable to a security bypass issue. This is due to the fact that client-accessible data can be used to calculate verification keys. Attackers can exploit this vulnerability by submitting arbitrary form data via automated scripts and distribute spam.
This exploit allows an attacker to execute arbitrary commands on the target system through the @lex Guestbook <= 4.0.2 application. By exploiting a local file inclusion vulnerability, the attacker can include a malicious skin file that contains the desired command to be executed. The exploit retrieves the administrator password, logs in as the administrator, adds a skin, and writes the malicious skin file. The command executed in this example is 'whoami', which returns the username 'darkfig'.
An attacker can bypass Fortinet Fortigate's URL filtering functionality by sending specially-crafted HTTP requests terminated by the CRLF character and changing the HTTP version to 1.0 without sending the Host header and fragmenting the GET and POST requests. This allows the attacker to view unauthorized websites and bypass certain security restrictions.
This is a practical pwnage exploit for Application (UN)Enhancer, also known as APU. The exploit involves patching certain opcodes in the binary file of the framework to gain unauthorized access and control. The exploit targets the ApplicationEnhancer.framework and ApplicationUnenhancer.framework.
The first vulnerability is multiple SQL injection vulnerabilities in bloofoxCMS V0.5.0. The second vulnerability is a Cross Site Request Forgery (CSRF) vulnerability.
Opera is vulnerable in parsing the JPEG file format. Discovered were four vulnerabilities, each in different segments of the file format. The two important ones are ntdll.RtlAllocateHeap() DHT vulnerability and ntdll.RtlAllocateHeap() SOS vulnerability. Opera Mini for mobile phones could also be vulnerable.
The magic photo storage website is vulnerable to Remote File Inclusion. An attacker can exploit this vulnerability by injecting a malicious payload in the _config[site_path] parameter of the common_function.php file. This allows the attacker to include arbitrary remote files, potentially leading to remote code execution or sensitive data disclosure.
This exploit targets Cdrecord version 2.0 and lower. It allows an attacker to gain root privileges on the system.
Services By CQR