This exploit allows an attacker to perform Cross-Site Request Forgery attacks on DigiAffiliate version 1.4. The attacker can update the admin account by sending a crafted request to the user_save.asp endpoint.
The Digirez 3.4 application is vulnerable to Cross-Site Request Forgery (CSRF) attacks. An attacker can exploit this vulnerability to update user and admin accounts without proper authentication.
The Ncaster 1.7.2 script is vulnerable to remote code execution due to improper validation of the 'adminfolder' parameter in the 'archive.php' file. An attacker can exploit this vulnerability by injecting a shell command in the 'adminfolder' parameter, leading to arbitrary code execution.
This module exploits a buffer overflow vulnerability found in libpal.dll of Disk Pulse Server v2.2.34. The overflow is triggered when sending an overly long 'GetServerInfo' request to the service listening on port 9120.
The nhrp-dos exploit allows an attacker to cause a denial of service by sending malicious packets to a Cisco router that is using the Next-Hop-Resolution Protocol (NHRP). This vulnerability is identified by the Cisco bug ID CSCin95836. NHRP is a protocol used by a source host/router to determine the next hop towards the destination in a Non-Broadcast-Multi-Access (NBMA) subnetwork. The exploit targets the NHRP functionality of Cisco routers and can disrupt network connectivity.
This module exploits a stack based buffer overflow found in EMC Alphastor Library Manager version < 4.0 build 910. The overflow is triggered due to a lack of sanitization of the pointers used for two strcpy functions.
This module exploits a stack based buffer overflow found in SMPlayer 0.6.9 (Permanent DEP /AlwaysON). The overflow is triggered during the parsing of an overly long string found in a malicious SAMI subtitle file.
This is a vulnerability in the fishcart_v3 script where an attacker can include a remote file by manipulating the 'docroot' parameter in the fc_example.php file. This can lead to remote code execution.
The Carel PlantVisor software version <= 2.4.4 is affected by a directory traversal vulnerability that allows an attacker to download files located on the disk where the software is installed. The vulnerability supports both slash and backslash and their HTTP encoded values.
This module exploits a stack based buffer overflow vulnerability found in Dameware Mini Remote Control v4.0. The overflow is caused when sending an overly long username to the DWRCS executable listening on port 6129. The username is read into a strcpy() function causing an overwrite of the return pointer leading to arbitrary code execution.
Services By CQR