The Code Widgets Online Job Application is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. The vulnerability can be exploited by using a specially crafted input such as ' or 1=1 or ''=' for the username and password fields.
This exploit takes advantage of a heap overflow vulnerability to execute arbitrary code. It first finds the socket file descriptor and duplicates it for reuse. Then, it uses the execve system call to execute /bin/sh. Finally, it uses a ROP chain to make the heap executable by calling mprotect with the appropriate permissions.
This exploit takes advantage of a stack overflow vulnerability in the IMAPD SEARCH command of Mercury/32 v4.52. By sending a specially crafted payload, an attacker can trigger a stack overflow and gain remote code execution on the target system.
This exploit targets a vulnerability in Spring Data REST that allows remote code execution (RCE) through malicious PATCH requests. The vulnerability affects Spring Data REST versions prior to 2.6.9 (Ingalls SR9) and 3.0.1 (Kay SR1). By exploiting this vulnerability, an attacker can execute arbitrary code on the server.
This exploit takes advantage of a memory corruption vulnerability in the JavaScript code. It creates a large number of instances of an object and then performs malicious actions to exploit the vulnerability.
The vulnerability exists because hard-coded credentials are disclosed, allowing an attacker to effectively bypass authentication of PrismaWEB with administrator privileges. The credentials can be disclosed by simply navigating to the login_par.js JavaScript page, which holds the username and password for the management interface; these are used via the Login() function in the /scripts/functions_cookie.js script.
This exploit takes advantage of a buffer overflow vulnerability in Allok Video Converter. By exploiting this vulnerability, an attacker can open the calculator application on the target system.
The "WebServer.cfg" file used by WebLog Expert Web Server Enterprise 9.4 has weak permissions, allowing local users to set a cleartext password and log in as admin.
This exploit targets the DownloadFromMusicStore() function in the jetAudio 7.x ActiveX control. It allows an attacker to remotely execute arbitrary code on a vulnerable system. The bug was discovered by Krystian Kloskowski (h07) and has been tested on jetAudio 7.0.3 Basic with Microsoft Internet Explorer 6.
This is a Proof of Concept (PoC) for amplification attacks using memcached servers. The repo includes the source code for the PoC and approximately 17,000 AMP hosts. The PoC involves sending UDP packets with a spoofed source address to memcached servers to amplify the traffic.