This vulnerability enables a normal user to escalate privileges and become the administrator of the application. The vulnerability can be exploited by using a read-only user account to obtain an API key and then sending a request to change the user password to become the admin.
DoS (Denial of Service) PoC that crashes NTPd.
The Mambo com_yanc v1.4 beta (id) component is vulnerable to blind remote SQL injection. By manipulating the 'listid' parameter in the 'index.php' file, an attacker can execute SQL queries and retrieve sensitive information, such as usernames and passwords, from the 'mos_users' table.
In Deepin Linux 15.1, the lastore-daemon, which runs with root privilege, can be exploited to install or remove any package, potentially leading to the destruction of the host system. Additionally, a malicious package can be used to gain root privilege.
This exploit allows an attacker to retrieve the admin username and hash from FAQEngine version 4.16.03. The vulnerable code is in the question.php file, where the SQL query is open to injection. By using a UNION SELECT statement, the attacker can retrieve the desired information. The proof of concept URL is provided in the code.
This vulnerability allows malicious individuals to conduct SQL injection attacks by exploiting input passed to the 'username' and 'password' parameters in auth.ph
The WordPress Booking Calendar Contact Form plugin before version 1.0.23 is prone to a blind SQL injection vulnerability. The vulnerability occurs due to a failure to sanitize a parameter used in a SQL statement. The function 'dex_bccf_get_option' uses a variable called 'CP_BCCF_CALENDAR_ID' which is not sanitized and is used as a value for the 'id' of the SQL parameter. This vulnerability can be exploited by an unauthenticated attacker to execute arbitrary SQL queries on the underlying database.
This exploit allows an attacker to retrieve the admin username and hash from a vulnerable SimpNews version. By injecting a malicious SQL query through the 'newsnr' parameter in the 'print.php' file, the attacker can retrieve the admin credentials from the 'simpnews_users' table.
dotDefender firewall (WAF) is vulnerable to cross-site request forgery, allowing attackers to make HTTP requests via the victim's browser to the dotDefender management server on behalf of the victim. This can result in modifying or disabling various firewall patterns, User-Defined Rule settings, and global event logging.
The exploit allows an attacker to create a folder with a specially crafted name on a remote FTP server, which triggers a buffer overflow condition. By exploiting this vulnerability, an attacker can execute arbitrary code on the target system.