Huski Retail is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
The Huski CMS is prone to a local file-include vulnerability due to insufficient sanitization of user-supplied data. An attacker can exploit this vulnerability to compromise the application and the computer, and perform other possible attacks.
SystemTap is prone to multiple local memory-corruption vulnerabilities. An attacker may exploit these issues to execute arbitrary code with SYSTEM privileges. Failed exploit attempts will result in a denial of service.
An attacker can exploit the cross-site request forgery issue to alter the settings on affected devices. This may lead to further network-based attacks, including command-injection attacks to the device's underlying operating system, which can lead to a complete compromise of a vulnerable device. The attacker can exploit the cross-site scripting issue to execute arbitrary script code in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials. Other attacks are also possible.
Attackers can gain administrative access, execute arbitrary script code in the browser, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
This module exploits a flaw (0 day) in DBMS_JVM_EXP_PERMS package that allows any user with create session privilege to grant themselves java IO privileges. Works on 11g R1 and R2 (Windows only).
This module exploits a flaw (0 day) in DBMS_JVM_EXP_PERMS package that allows any user with create session privilege to grant themselves java IO privileges. Identified by David Litchfield. Works on 10g R2, 11g R1 and R2 (Windows only)
The vulnerability exists in the index.php file of the FlashGameScript application. It allows an attacker to execute arbitrary commands by manipulating the 'func' parameter in a GET request. This can be exploited by sending a malicious link with the 'func' parameter pointing to an attacker-controlled script.
This exploit allows an attacker to execute arbitrary code by overflowing the buffer in /bin/login. It has been tested on multiple versions of Irix.
Samba is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input. Exploits would allow an attacker to access files outside of the Samba user's root directory to obtain sensitive information and perform other attacks.
Services By CQR