The vulnerability is caused by the insecure inclusion of the file classes/class_mail.inc.php. An attacker can exploit this vulnerability to execute arbitrary PHP code by including a remote file.
NovaStor NovaNET is prone to a stack-based buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized buffer. Attackers can exploit this issue to execute arbitrary code within the context of the affected application or cause a denial-of-service condition.
The application is vulnerable to CSRF. An attacker can use this vulnerability to create a new user and assign the Admin role to that user.
This exploit allows an attacker to perform SQL injection and cross-site scripting (XSS) attacks on OTSCMS version 2.1.5. The vulnerability exists in the 'reply.php' file in the 'mod/PM' directory, specifically in lines 22-26. An attacker can exploit the SQL injection vulnerability by manipulating the 'id' parameter in the 'priv.php' file, allowing them to retrieve sensitive information from the database. The XSS vulnerability can be exploited by injecting malicious JavaScript code into the 'name' parameter in the 'forum.php' file.
These vulnerabilities include a cross-site scripting issue, an SQL-injection issue, and multiple remote file-include issues. Exploiting these vulnerabilities could lead to stealing authentication credentials, executing arbitrary code, compromising the application, accessing or modifying data, or exploiting underlying database vulnerabilities.
This exploit allows an attacker to generate an admin session for Advanced Poll version 2.0.0 to 2.0.5-dev. By providing a specific username and password, the attacker can bypass authentication and gain administrative access to the system. The exploit uses the LWP::UserAgent module and performs a POST request to the admin/index.php endpoint. If successful, the exploit retrieves the session ID and provides instructions for accessing the admin panel.
The WebMatic 2.6 application is vulnerable to remote file inclusion (RFI). An attacker can include arbitrary files from remote servers, potentially leading to remote code execution.
This exploit allows an attacker to include a remote file in the vulnerable PHP script 'top.inc.php' in AgerMenu version 0.01. The vulnerability can be exploited by appending a malicious file path to the 'rootdir' parameter in the URL. The attacker can then execute arbitrary code from the included file.
The Nokia Phoenix Service Software ActiveX controls are prone to multiple buffer-overflow vulnerabilities because they fail to properly bounds-check user-supplied data before copying it into insufficiently sized memory buffers. An attacker can exploit these issues to execute arbitrary code within the context of the application that invoked the ActiveX control (typically Internet Explorer). Failed exploit attempts will result in a denial-of-service condition.
This module exploits an arbitrary command execution vulnerability in the Vtiger install script. It is set to ManualRanking because it overwrites the target database configuration, which may result in a broken web app and leave you unable to get a session again.