No CSRF protection exists, allowing attackers to make requests to the server on behalf of a victim who is logged in and visits a malicious site or clicks an infected link. This lets attackers modify certain web application settings to whatever they wish.
This exploit allows an attacker to include remote files through the 'berylium-classes.php' script in Berylium2. By manipulating the 'beryliumroot' parameter, an attacker can include a malicious file hosted on a remote server.
The DynamicPAD software is vulnerable to remote file inclusion. An attacker can exploit this vulnerability by manipulating the 'HomeDir' parameter in the 'dp_logs.php' and 'index.php' files. By including a malicious file, the attacker can execute arbitrary code on the target system.
This exploit allows an attacker to include files from the server's file system by manipulating the 'rubrik' parameter in the URL. By using '../' to navigate to directories above the web root, the attacker can access sensitive files such as '/etc/passwd'.
The Cisco WebEx One-Click Client is prone to an information disclosure vulnerability. Successful exploits may allow an attacker to disclose sensitive information such as stored passwords; this may aid in further attacks.
ADSL modems force you to change the admin web interface password. Even though you can change the admin password on the web interface, the password you assign does not apply to SSH. So, the SSH password will always be 'Username:admin Password:admin'.
The exploit triggers a heap-buffer-overflow in FreeType, specifically in the tt_sbit_decoder_load_bit_aligned function in the ttsbit.c file. It has been reproduced with the current version of freetype2 from the master git branch, with a 64-bit build of the ftbench utility compiled with AddressSanitizer.
This module exploits an arbitrary file upload vulnerability in the WordPress Ajax Load More version 2.8.1.1. It allows for the upload of arbitrary PHP files and allows for remote code execution. The vulnerability has been tested successfully on WordPress Ajax Load More 2.8.0 with WordPress 4.1.3 on Ubuntu 12.04/14.04 Server.
The 'AddFile' method in the Versalsoft HTTP File Uploader (UFileUploaderD.dll) is vulnerable to a buffer overflow. This can be exploited by sending a specially crafted request, causing the application to crash and potentially allowing for code execution.
Corda Highwire is prone to a path disclosure vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to obtain sensitive information that may lead to further attacks.