This exploit allows an attacker to perform a remote SQL injection attack on the KwsPHP 1.0 sondages module. By manipulating the 'id' parameter in the URL, an attacker can retrieve sensitive information from the database, such as usernames and passwords.
This code snippet demonstrates how to hijack a session between bluetoothd and a client. It adds a callback to the client and jumps to a specified address with additional data.
The vulnerability exists in phpsyncml version 0.1.2. Attackers can exploit this vulnerability by including remote files in the 'base_dir' parameter in the Decoder.php and Encoder.php files located in the wbxml/WBXML directory of the target application.
This control contains two methods, 'SaveAsBMP()' and 'SaveAsWMF()', which write to a file specified as an argument. These can be exploited to overwrite and corrupt arbitrary files on the system in the context of the currently logged-on user.
This exploit allows for PoC Unsigned Code Execution on a Sony PS4 System with firmwares 3.15, 3.50, and 3.55. It is based off Henkaku's WebKit Vulnerability for the Sony's PSVita and includes basic ROP (Return-Oriented Programming) and is able to return to normal execution.
The vulnerability allows remote attackers to execute arbitrary code on the target system. This can be achieved by bypassing the admin authorization and injecting arbitrary PHP code into the configuration file.
The exploit allows an attacker to remotely trigger a buffer overflow vulnerability in GetGo Download Manager 5.3.0.2712, leading to potential remote code execution on the victim's machine. By setting up a listener on port 443 and running the provided script on the attacking machine, the attacker can open the vulnerable application on the victim's machine and exploit the buffer overflow to gain a remote shell.
The comment box in the My Arcade plugin is vulnerable to a persistent XSS attack.
A large SUBSCRIBE message with multiple malformed Accept headers will crash Asterisk due to stack corruption.
This exploit allows an attacker to perform a remote SQL injection attack on the Omnistar Article Manager Software. By manipulating the URL parameters, an attacker can retrieve sensitive information from the user database, such as usernames and passwords.
Services By CQR