Mail Enable Professional/Enterprise v2.32-4 (win32) remote exploit
The vulnerability allows an attacker to perform a SQL injection attack on the Aktueldownload Haber scripti (id) through the HaberDetay.asp page. By manipulating the 'id' parameter, an attacker can execute arbitrary SQL queries and retrieve sensitive information from the database.
Successful exploits can allow attackers to crash the affected browser, resulting in denial-of-service conditions. Given the nature of this issue, attackers may also be able to corrupt process memory and run arbitrary code, but this has not been confirmed.
The vulnerability allows an attacker to execute arbitrary SQL queries in the CodeAvalanche News software by injecting malicious code through the 'CAT_ID' parameter in the 'inc_listnews.asp' script. This can lead to unauthorized access, data theft, and potentially full control of the application and underlying database.
An attacker can perform an XSS attack and inject SQL commands through the search form. The vulnerability requires the attacker to be logged in to the admin panel.
F5 BIG-IQ v4.1.0.2013.0 is vulnerable to a privilege escalation attack which allows an attacker to change the root user's password. This module does exactly that, then logs in over SSH.
The vulnerability allows an attacker to include a remote file in the aggregator.php and controller.php scripts. By manipulating the 'zf_path' parameter, an attacker can execute arbitrary code on the server.
The Fritz!Box networking/voice over IP router produced by AVM is vulnerable to unauthenticated remote command execution. An attacker can exploit this vulnerability by sending a crafted request to the router's web interface, allowing them to execute arbitrary commands on the device.
Previews on comments were not passed through normal form validation routines, enabling users with the 'post comments' permission and access to more than one input filter to execute arbitrary code. By default, anonymous and authenticated users have access to only one input format. Immediate workarounds include: disabling the comment module, revoking the 'post comments' permission for all users or limiting access to one input format.