The vulnerability allows an attacker to inject SQL commands into the 'id' parameter of the pollmentorres.asp script, which can lead to unauthorized access or manipulation of the poll database.
An attacker may leverage these issues to bypass certain security restrictions or conduct cross-site scripting attacks. The exploit code extracts the session token from the current document's URI and uses it to inject an iframe that changes the user's signature on the fly.
This exploit allows an attacker to execute arbitrary code on a target system running Advanced Poll version 2.0.0 to 2.0.5-dev. The vulnerability is due to a lack of input validation in the 'tpl[display_head.html]' parameter, which can be manipulated to execute system commands. By injecting a command into the 'tpl[display_head.html]' parameter and sending a specially crafted request to the target server, an attacker can execute arbitrary code with the privileges of the web server.
This exploit targets a remote heap corruption vulnerability in WsMp3d. It allows an attacker to execute arbitrary code with root privileges on a vulnerable system.
This exploit allows an attacker to trigger a buffer overflow vulnerability in Acunetix Web Vulnerability Scanner. It provides the attacker with the option to choose between two payloads: a calculator or a bind shell.
Sendmail is prone to a heap-based buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied input before copying it to an insufficiently sized buffer. Successfully exploiting this issue may allow an attacker to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will likely crash the application.
This script infects all pages on HP laserjets which include ews_functions.js by appending javascript to the ews_functions.js file by leveraging the PJL Directory Traversal.
This exploit targets the phpCC Beta version 4.2 and utilizes a SQL injection vulnerability in the 'nickpage.php' file. By manipulating the 'npid' parameter, an attacker can inject malicious SQL queries and retrieve sensitive information from the 'userdata' table.
This exploit allows an attacker to perform a remote SQL injection attack on Xaran Cms version 2.0. By exploiting this vulnerability, an attacker can retrieve the admin username and password from the database.
This exploit allows remote attackers to include arbitrary files on the target system.
Services By CQR