An attacker can exploit this SQL-injection issue to carry out unauthorized actions on the underlying database, which may compromise the application and aid in further attacks.
The 'com_projects' component for Joomla! is prone to an SQL-injection vulnerability and a local file-include vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker can exploit these vulnerabilities to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. By using directory-traversal strings to execute local script code in the context of the application, the attacker may be able to obtain sensitive information that may aid in further attacks.
The NitroView ESM software fails to properly sanitize user-supplied input, which allows remote attackers to execute arbitrary commands on the appliance in the context of the webserver process.
Microsoft Windows 'lpksetup.exe' is prone to a vulnerability that lets attackers execute arbitrary code. An attacker can exploit this issue by enticing a legitimate user to use the vulnerable application to open a file from a network share location that contains a specially crafted Dynamic Link Library (DLL) file.
The Absolute Image Gallery Gallery.ASP script is vulnerable to SQL injection. An attacker can exploit this vulnerability by manipulating the 'categoryid' parameter in the 'gallery.asp' script. By injecting SQL code, the attacker can bypass authentication, access unauthorized data, modify or delete data, or perform other malicious actions.
The WebCalendar v0.9.45 (13 Dec 2004) is vulnerable to remote file inclusion in the login.php, get_reminders.php, and get_events.php scripts. An attacker can include an arbitrary file by manipulating the includedir parameter in the URLs provided. This can lead to remote code execution and compromise of the affected system.
The 'realm' parameter in the URL is vulnerable to SQL injection. An attacker can use sqlmap to exploit this vulnerability.
IBM Tivoli Access Manager for e-business is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
IBM Tivoli Access Manager for e-business is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
The PoC executes the shellcode (int 3) and returns. It overwrites the ext_free() function pointer on the mbuf and forces a m_freem() on the overflowed packet. The Impacket library is used to craft and send packets. Currently, only systems supporting raw sockets and the PF_PACKET family can run the included proof-of-concept code.
Services By CQR