It is possible for a remote attacker to include a file from local or remote resources and/or execute arbitrary script code with the privileges of the webserver. An attacker may execute arbitrary SQL statements on the vulnerable system. This may compromise the integrity of your database and/or expose sensitive information.
The vulnerability allows an attacker to inject SQL commands.
The script allows an attacker to read files on the server and add a user with full privileges.
The vulnerability allows an attacker to inject SQL commands.
The vulnerability allows an attacker to inject SQL commands.
This exploit targets the 'DeleteXMLFile()' method in the NVR SP2 2.0 nvUtility.Utility.1 control. It allows an attacker to delete arbitrary files on the system. All software that uses this control is vulnerable to this exploit.
Any OS commands can be injected by an authenticated attacker with any role. This is a serious vulnerability as the chance for the system to be compromised is high.
Claymore's Dual ETH + DCR/SC/LBC/PASC GPU Miner version 10.0 allows remote attackers to execute arbitrary commands via a crafted miner_getstat1 command to the remote management interface on port 3333.
This exploit targets the "SaveXMLFile()" method in NVR SP2 2.0 nvUtility.Utility.1 (nvUtility.dll v. 1.0.14.0). It allows an attacker to execute arbitrary commands on the target system.
You can bypass the controlled folder feature in Defender in Windows 10 1709 using a local UNC admin share. By opening the target file for write/delete access through the UNC path, the controlled folders feature can be circumvented.