This exploit allows an unprivileged user to grant or revoke dba permission in Oracle database using the dbms_export_extension. The exploit creates a package that executes the GRANT or REVOKE command and then commits the transaction. The exploit requires Oracle InstantClient (basic + sdk) for DBD::Oracle.
Attackers can exploit this issue to crash Windows Explorer, denying service to legitimate users. Given the nature of this issue, attackers may also be able to run arbitrary code, but this has not been confirmed.
An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious file with the vulnerable application. A successful exploit will allow arbitrary code to run in the context of the user running the application.
The exploit allows an attacker to inject arbitrary code into the 'pfad_z' parameter in the settings.php file on a website. This can lead to remote code execution and potentially compromise the entire system.
The GeekLog version 2.x is vulnerable to remote file inclusion. The vulnerability exists in the BaseView.php file. An attacker can exploit this vulnerability by including a malicious file through the 'glConf[path_libraries]' parameter.
WebPhotoPro is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Remote File Include vulnerability in Flip-2.01-final 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the inc_path parameter to previewtheme.php.
This module exploits a stack based buffer overflow in IMail 2006 and 8.x SMTP service. If we send a long strings for RCPT TO command contained within the characters '@' and ':', we can overwrite the eip register and exploit the vulnerable smpt service.
AlienVault 4.5.0 is susceptible to an authenticated SQL injection attack via a PNG generation PHP file. This module exploits this to read an arbitrary file from the file system. Any authed user should be usable. Admin not required.
This exploit takes advantage of a buffer overflow vulnerability in the IMail server. By sending a specially crafted request, an attacker can overflow a buffer and potentially execute arbitrary code on the target system.
Services By CQR