Adobe ColdFusion is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.An attacker could exploit this vulnerability to execute arbitrary script code in the context of the affected website. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
The Code Widgets Multiple Question - Multiple Choice Online Questionaire is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Code Widgets DataBound Collapsible Menu is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
The Code Widgets DataBound Index Style Menu is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
The Code Widgets Online Job Application is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. The vulnerability can be exploited by using a specially crafted input such as ' or 1=1 or ''=' for the username and password fields.
This exploit takes advantage of a heap overflow vulnerability to execute arbitrary code. It first finds the socket file descriptor and duplicates it for reuse. Then, it uses the execve system call to execute /bin/sh. Finally, it uses a ROP chain to make the heap executable by calling mprotect with the appropriate permissions.
This exploit takes advantage of a stack overflow vulnerability in the IMAPD SEARCH command of Mercury/32 v4.52. By sending a specially crafted payload, an attacker can trigger a stack overflow and gain remote code execution on the target system.
This exploit targets a vulnerability in Spring Data REST that allows remote code execution (RCE) through malicious PATCH requests. The vulnerability affects Spring Data REST versions prior to 2.6.9 (Ingalls SR9) and 3.0.1 (Kay SR1). By exploiting this vulnerability, an attacker can execute arbitrary code on the server.
This exploit takes advantage of a memory corruption vulnerability in the JavaScript code. It creates a large number of instances of an object and then performs malicious actions to exploit the vulnerability.
The vulnerability exists due to the disclosure of hard-coded credentials allowing an attacker to effectively bypass authentication of PrismaWEB with administrator privileges. The credentials can be disclosed by simply navigating to the login_par.js JavaScript page that holds the username and password for the management interface that are being used via the Login() function in /scripts/functions_cookie.js script.