The Open-Realty application is prone to a cross-site request-forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain unauthorized administrative actions and gain access to the affected application. Other attacks are also possible.
This module exploits the rootpipe vulnerability and bypasses Apple's initial fix for the issue by injecting code into a process with the 'admin.writeconfig' entitlement.
This exploit allows an attacker to include a remote file in the phporacleview script, specifically in the inc/include_all.inc.php file. By manipulating the 'page_dir' parameter in the URL, an attacker can include a malicious file hosted on a remote server.
There is a textfield within the program that asks for IPs to be blocked against the FTP server that is vulnerable to an SEH based buffer overflow.
The vulnerability allows an attacker to bypass the cross-site scripting filter mechanism, enabling them to execute arbitrary script code and steal cookie-based authentication credentials.
The PHP BandManager application is vulnerable to remote file inclusion due to the insecure use of the include function. By manipulating the 'pg' parameter in the 'index.php' file, an attacker can include arbitrary files from remote servers.
Sysax Multi ssh Server doesn't correctly handle SSH_MSG_USERAUTH_REQUEST packet , when the "user name" length malformed can lead dos
The PCMan's FTP Server v2.0 is vulnerable to a buffer overflow exploit in the RENAME command. An attacker can send a specially crafted RENAME command with a long payload, causing the server to crash or potentially execute arbitrary code.
The SUNRAS plugin in Gimp v2.2.14 is vulnerable to a buffer overflow in the set_color_table function. This vulnerability can be exploited to execute arbitrary code.
This code snippet shows a bypass technique for Data Execution Prevention (DEP) using the msvcr71.dll library. It uses a ROP chain and a small shellcode to achieve the bypass.
Services By CQR