The HP Network Automation application is prone to an SQL injection vulnerability due to the lack of proper sanitization of user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
The vulnerability exists due to an invalid include function at lib/timesheet.class.php. An attacker can exploit this vulnerability by manipulating the 'inc_dir' parameter to include a remote file, which could lead to system access.
This is an exploit for the Apache ap_get_mime_headers_core() vulnerability. The vulnerability allows an attacker to cause a Denial of Service (D.o.S) attack by sending a specially crafted HTTP request to the target server. The exploit sends a large number of GET requests with a long content-length header, causing the server to run out of memory and potentially crash. This exploit is specific to Apache version 2 prior to version 2.0.49.
This exploit allows an attacker to spawn a shell on port 32768 by exploiting a vulnerability in Microsoft IIS WebDAV.
The Trading Marketplace script is vulnerable to SQL injection due to insufficient input sanitization. An attacker can exploit this vulnerability by injecting malicious SQL code into the 'cid' parameter of the 'selloffers.php' page.
The Sagem F@st 3304 router is prone to a remote information-disclosure vulnerability because it fails to restrict access to sensitive information. A remote attacker can exploit this issue to obtain sensitive information, possibly aiding in further attacks.
This vulnerability allows an attacker to escalate privileges by overwriting the HAL dispatch table. By controlling the input buffer, the attacker can overwrite pointers in the table, which can be used to execute arbitrary code or gain elevated privileges. The vulnerability was discovered by Parvez Anwar and affects multiple BullGuard products. The affected versions range from 14.1.285.4 to 15.0.288.1. The vulnerability has a CVE ID of CVE-2014-9642. The vendor has released a fix for this vulnerability, which can be found at the provided URL. The fixed version is 15.0.288.1. The exploit was tested on a 32-bit Windows XP SP3 system. The vulnerability can be mitigated by updating to the fixed version of the software.
The AVG Internet Security 2015 software allows an attacker to escalate privileges by overwriting the HAL dispatch table. By controlling the input buffer, the attacker can overwrite static pointers, leading to privilege escalation.
The PHPJunkYard GBook application is prone to multiple cross-site scripting vulnerabilities due to insufficient sanitization of user-supplied data. An attacker can exploit these vulnerabilities to execute arbitrary script code in the context of the affected site, potentially stealing authentication credentials and launching further attacks.
The vulnerability allows an attacker to include a remote file by manipulating the 'phpbb_root_path' parameter in the 'pass_code.php' and 'lang_select' files of codebb 1.1b3.