WordPress version 2.1.2 is vulnerable to SQL injection. This PoC works when run with the credentials of a valid user. The user can belong to the 'contributor' role or any higher role. Versions before 2.1.2 have not been tested but are most likely vulnerable as well.
The vulnerability allows an attacker to download arbitrary files from the target system by exploiting a flaw in the aspose-doc-exporter plugin for WordPress. By manipulating the 'file' parameter in the vulnerable PHP script, an attacker can traverse directories and download sensitive files.
This exploit allows an attacker to perform blind SQL injection in the XOOPS Module PopnupBlog version 2.52 or lower. The vulnerability is present in the 'postid' parameter of the 'index.php' file. By manipulating the 'postid' parameter, an attacker can execute arbitrary SQL queries and retrieve sensitive information from the database.
The Linux kernel is prone to a local denial-of-service vulnerability. Attackers can exploit this issue to cause the kernel to crash, denying service to legitimate users. This issue affects Linux kernels running as guest images.
This exploit allows an attacker to run arbitrary SQL queries on the backend database of HP Mercury Quality Center without using SQL injection. The vulnerability is caused by the ability of the client to execute the "RunQuery" command. The exploit program is written to perform this command. The backend database can be MSSQLServer or Oracle, which determines the types of SQL queries that can be sent. This is a blind SQL attack, but it may be possible to extract data somehow.
A vulnerability has been identified in Microsoft Windows, which could be exploited by remote attackers to take complete control of an affected system. This issue is due to a stack overflow error within the "LoadAniIcon()" [user32.dll] function when rendering cursors, animated cursors or icons with a malformed header, which could be exploited by remote attackers to execute arbitrary commands by tricking a user into visiting a malicious web page or viewing an email message containing a specially crafted ANI file.
WebGate eDVR Manager WESPPlayback.WESPPlaybackCtrl.1 SiteName Property Stack Buffer Overflow Remote Code Execution Vulnerability
This exploit allows an attacker to execute arbitrary code on a target system by exploiting a vulnerability in the way Microsoft Internet Explorer handles .ANI (RIFF Cursors) files. It was tested on MS Internet Explorer 6.x-7.x on Windows XP SP2 and Windows Vista.
This module allows you to spawn a remote admin shell (utelnetd) on a QNAP device via Bash Environment Variable Code Injection. Affected products: all Turbo NAS models except TS-100, TS-101 and TS-200.
This is the EIP overwrite implementation of the Frontbase 'create procedure' buffer overflow. The exploit was tested on Frontbase versions 4.2.7 and 4.1.16 under Windows XP SP0, Windows XP SP1 and Windows XP SP2. The exploit requires authentication!