Wiser is prone to an information-disclosure vulnerability because it fails to sufficiently validate user-supplied data. An attacker can exploit this issue to download backup files that contain sensitive information. Information harvested may aid in launching further attacks.
An attacker can exploit this issue to crash the affected application, denying service to legitimate users. Due to the nature of this issue, code-execution may be possible; however this has not been confirmed.
This exploit targets the XOOPS Module MyConference 1.0 index.php file and allows an attacker to perform a blind SQL injection attack. The exploit retrieves user credentials (username and password) from the xoops_users table by injecting a UNION SELECT statement.
A crash due to a static out-of-bounds read can be observed in an ASAN build of Wireshark when a malformed file is fed to tshark.
This exploit takes advantage of a vulnerability in the XOOPS Module Glossarie version 1.7 (sid). It allows an attacker to perform a Blind SQL Injection attack on the target system.
The fix for CVE-2015-2553 can be bypassed to get limited mount reparse points working again for sandbox attacks. By abusing shadow object directories and creating a dummy directory that shadows GLOBAL??, an attacker can redirect a reparse point to an arbitrary location that they control.
The fix for CVE-2015-2553 can be bypassed to get limited mount reparse points working again for sandbox attacks by abusing anonymous token impersonation.
This exploit allows an attacker to perform a blind SQL injection attack on the XOOPS Module resmanager version 1.21 or below. The vulnerability exists in the edit_day.php file of the module. By manipulating the 'genreid', 'path', 'karakter', and 'adresim' parameters, an attacker can inject malicious SQL queries into the application's database and retrieve sensitive information. The exploit uses AJAX to send the SQL query and retrieve the result.
Spider Facebook plugin for WordPress is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
The read_png function in libpng allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PNG image with a large height value, which causes an integer overflow and a buffer overflow.