Yosemite Backup is prone to a buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized buffer. Attackers can exploit this issue to execute arbitrary code within the context of the affected application or cause a denial-of-service condition.
This exploit is a fake VNC server that will crash CotVNC 2.0 due to a NULL-pointer dereference. The exploit sends a specific payload to the client, causing it to crash.
This module exploits a vulnerability found in Fitnesse Wiki, version 20140201 and earlier.
A local file include web vulnerability has been discovered in the official Easiermobile Inc - ePhone Disk v1.0.2 iOS mobile web-application. The vulnerability allows remote attackers to include local file/path requests or system-specific path commands without authorization to compromise the web-application or mobile device.
The vulnerability allows an attacker to execute arbitrary SQL queries on the target system, potentially gaining unauthorized access to sensitive information. The exploit involves manipulating the 'c_id' parameter in the 'news.php' file of dB Masters' Curium CMS version 1.03 or earlier. By injecting SQL code into the 'c_id' parameter, an attacker can bypass authentication and retrieve usernames and passwords from the 'cm_users' table.
This exploit allows an attacker to execute remote code on F3Site version 2.1. It requires an admin session and the cookie prefix to work.
The Opera Web Browser is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials, change the browser's settings, and launch other attacks.
The vulnerability allows an attacker to include a remote file by manipulating the 'root_path' parameter in the 'poll.php' script. This can be exploited to execute arbitrary code on the server.
A vulnerability exists in all current versions of EQdkp that allows a user to spoof the referring URL to gain access to an integrated class-1 MySQL Backup/Restore program, which allows sensitive SQL data to be downloaded and modified. The script checks for authentication only via the referring URL from the administration control panel. From the EQdkp_USERS.sql file, the username/email and MD5-hashed password can be obtained. From there, the password needs to be cracked.
The InterWorx application stores its data in a MySQL database. Dynamic queries are used to interact with the database. These queries are created by concatenating strings from the application with user input. However, the application does not perform proper validation or escaping of the supplied input in the 'i' parameter when sorting user accounts in NodeWorx, SiteWorx and Resellers. Malicious users with access to this functionality can manipulate database queries to achieve goals other than those the developers had in mind.