The b.php and gallery.php files in eMeeting Online Dating Software 5.2 are vulnerable to SQL injection attacks. An attacker can exploit these vulnerabilities to extract sensitive information from the database, such as usernames, passwords, and email addresses.
`CG6Service` service has method `SetPeLauncherState` which allows launch the debugger automatically for every process we want.
The exploit allows an attacker to retrieve multiple admin/user credentials by injecting SQL queries.
This exploit targets the callboth.php file in the Asteridex web application. It allows an attacker to execute arbitrary shell commands on the target server by manipulating the SEQ and IN parameters in the URL. The exploit uses the curl command to send HTTP requests to the target server and execute the commands.
The exploit allows unauthorized access to sensitive files and actions in the VRNews v1.x admin panel. It can be exploited by an attacker by directly accessing specific URLs in the admin.php file.
When installing EnjoySAP, in appreciation of its vast size for being a client (around 500MB), there are an astounding 1102 ActiveX controls installed. A relatively brief examination of these controls found a large number of instances that would terminate EnjoySAP process, there were a number that could create files on the file system (there unfortunately exists no ability to inject content into these created files) and a number of buffer overruns.
The EnjoySAP application, also known as Enjoy, is a popular SAP GUI used today. The application installs 1102 ActiveX controls during the installation process. A examination of these controls revealed instances of code termination, file creation on the file system, and buffer overflows.
The exploit allows an attacker to execute arbitrary code by exploiting a buffer overflow vulnerability in the SMTP connection verification function in SysGauge version 1.5.18. The vulnerability can be triggered by sending a specially crafted request to the affected software. Successful exploitation of this vulnerability could lead to remote code execution.
Cross Site Request Forgery can be used to manipulate dnscfg.cgi in this device. An insider / external attacker (remote management to be enabled for external attacker) can change primary and secondary DNS IP address to some malicious IP address without using βadminβ account.
The exploit allows an attacker to run CMD.EXE with system privileges by manipulating the Cisco AnyConnect application from the logon screen. It also allows running scripts from a USB flash drive.
Services By CQR