The Oracle WebLogic WLS WSAT component is vulnerable to an XML deserialization flaw that leads to remote code execution. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0. Discovered by Alexey Tyurin of ERPScan and Federico Dotta of Media Service. Please note that SRVHOST, SRVPORT, HTTP_DELAY, URIPATH and related HTTP Server variables are only used when executing a check and will not be used when executing the exploit itself.
The sysctl_vfs_generic_conf() function in the kernel mishandles the vfs.generic.conf.* sysctls, leaving uninitialized padding between the vfc_name and vfc_typenum fields. This vulnerability can be exploited by an attacker to potentially leak sensitive information or cause a denial of service.
A vulnerability exists in PHP's MySQL and MySQLi extensions which can be used to bypass PHP's safe_mode security restriction.
The vulnerability allows users to inject SQL commands....
The vulnerability allows an attacker to inject SQL commands....
The vulnerability allows an attacker to inject SQL commands.
This exploit allows an attacker to execute arbitrary code on a remote system running Lighttpd with FastCGI and PHP. It works by sending a specially crafted request that triggers a buffer overflow in the server. The exploit has been tested with Lighttpd 1.4.16 and PHP 5.2.4. The attacker needs to provide the target host, port, and a file to execute as command-line arguments.
The vulnerability exists in the '/mod/contak.php' file. It allows an attacker to include local files by manipulating the 'image' parameter in a POST request. This can lead to remote code execution or disclosure of sensitive information.
This exploit targets the Ultra Crypto Component (CryptoX.dll) version 2.0 and below. The vulnerability lies in the "AcquireContext()" and "DeleteContext()" functions, which can be exploited to execute arbitrary code remotely. This can lead to a complete compromise of the affected system. The exploit utilizes the Heap Spray Technique developed by SkyLined to increase the chances of successful exploitation. All software that uses this OCX is vulnerable to this exploit.
The Ultra Crypto Component (CryptoX.dll) version 2.0 and earlier is vulnerable because of an insecure method, SaveToFile(). This allows an attacker to save arbitrary data to a file, potentially leading to remote code execution. The vulnerability can be exploited by converting the desired command (e.g., "cmd.exe /c notepad.exe") to hexadecimal format and saving it to a batch file.