The vulnerability allows an attacker to perform SQL injection attacks by exploiting the /details_news.php page. By manipulating the 'idnew' parameter, an attacker can inject malicious SQL queries and retrieve sensitive information from the database.
The exploit involves a crash in Microsoft Office 2010 running under Windows 7 x86 with Application Verifier enabled. The crash occurs due to an out-of-bounds memory access in the GDI32 library.
Pulls members' info out of the database.
The vbzoom 1.x forum.php MainID parameter is vulnerable to remote SQL injection. An attacker can manipulate the MainID parameter to execute arbitrary SQL queries and retrieve sensitive information from the Member table. The vulnerability allows unauthorized access to user titles and passwords.
SQL injection via $id in videos.php; admin and password are in config.php; path disclosure.
The vulnerability exists in the $id parameter of the view_page.php file, allowing an attacker to inject SQL code. By using a UNION SELECT statement, the attacker can retrieve the usernames and passwords of users from the ava_users table where the id is 1.
This exploit takes advantage of a buffer overflow vulnerability in HP Instant Support - Driver Check. By sending specially crafted HTML code, an attacker can cause a remote buffer overflow and potentially execute arbitrary code on the target system.
The DxgkDdiEscape handler for 0x100008b accepts a user-supplied size as the limit for a loop, leading to out-of-bounds reads and writes.
This module exploits an arbitrary command execution vulnerability. The vulnerability exists in the /uapi-cgi/viewer/testaction.cgi page and allows an anonymous user to execute arbitrary commands with root privileges. Firmware versions <= 1.11.0.12 are affected. Tested on 5.02024 G-Cam/EFD-2250 running 1.11.0.12 firmware.
Remote SQL injection via id in msg.php; able to pull the admin user/pass.