SQL injection on [sitterService] parameter. The vulnerability allows an attacker to inject SQL queries into the parameter and manipulate the database.
The Joomla Component NeoRecruit version 1.4 and below is vulnerable to a remote blind SQL injection vulnerability. An attacker can exploit this vulnerability by injecting SQL code into the 'id' parameter of the 'offer_view' task in the 'com_neorecruit' component. This can lead to unauthorized access to the database, potentially exposing sensitive information.
SQL injection on [catg_id] parameter
The exploit takes advantage of a buffer overflow vulnerability in the php_ntuser ntuser_getuserlist() function in PHP 5.2.3. By providing a specially crafted input, an attacker can overwrite the EIP register with arbitrary data, potentially allowing for remote code execution.
The login component of the Polycom Command Shell on Polycom HDX video endpoints, running software versions 3.0.5 and earlier, is vulnerable to an authorization bypass when simultaneous connections are made to the service, allowing remote network attackers to gain access to a sandboxed telnet prompt without authentication. Versions prior to 3.0.4 contain OS command injection in the ping command which can be used to execute arbitrary commands as root.
It was discovered that the api/storage web interface in Unitrends Backup (UB) before 10.0.0 has an issue in which one of its input parameters was not validated. A remote attacker could use this flaw to bypass authentication and execute arbitrary commands with root privilege on the target system.
This is a buffer overflow exploit for the PHP win32std extension. It allows an attacker to execute arbitrary code on a vulnerable system. The exploit has been tested on PHP version 5.2.3 running on Windows XP SP2 Eng.
In versions of CometChat before version v6.2.0 BETA 1, a bug existed which allowed any unauthorized attacker to modify the include path of a PHP file by sending an HTTP request with a crafted 'cc_lang' cookie. If successfully exploited, an attacker could leverage this bug to execute arbitrary PHP code which resides somewhere else on the server (e.g., uploaded via an upload form).
This exploit opens a bind shell on the remote target. It requires authentication. The default credentials are admin:admin. The exploit generates an authorization cookie using the user's password and sends it in the request header. The server generates a random path for further requests. The exploit also includes custom bind shell shellcode with a simple XOR encoder.
If a user loads an attacker supplied "GDFMakerProject" file type into GDF Maker using Ctrl+O or file menu, local files can be exfiltrated to remote attacker controlled server, as gdfmaker.exe is vulnerable to XML External Entity Expansion attacks.
Services By CQR