Explore all Exploits:

BUG MALL SHOPPING CART 2.5 AND PRIOR SQL, XSS, DEFAULT LOGINS VULNERABILITIES

The Bug Mall Shopping Cart 2.5 and prior versions are vulnerable to SQL injection, cross-site scripting (XSS), and default login vulnerabilities. The SQL injection vulnerability can be exploited through the search box, allowing an attacker to execute arbitrary SQL queries. The XSS vulnerability can be exploited by injecting HTML or JavaScript code into the 'msgs' parameter. The script also seems to have a default login with the username 'demo' and password 'demo'.

b1gBB (b1g Bulletion Board) (footer.inc.php) Remote File Inclusion

The footer.inc.php file in b1gBB (b1g Bulletion Board) allows remote attackers to include arbitrary PHP files via the tfooter parameter in a footer.inc.php request, as demonstrated by including shell.php. This vulnerability can be exploited by an attacker to execute arbitrary code or disclose sensitive information.

Virtual Memory Page Tables and One Bit

This program exploits a memory corruption vulnerability in the Windows operating system. It takes advantage of a flaw in the virtual memory page tables to gain unauthorized access to system resources. The vulnerability, known as CVE-2016-7255, allows an attacker to execute arbitrary code with kernel-level privileges.

Command execution on Ansible controller from host

During a code review of Ansible, Computest found and exploited several issues that allow a compromised host to execute commands on the Ansible controller and gain access to other controlled hosts. These issues could lead to unauthorized access and compromise of the entire Ansible infrastructure.

phpTrafficA <= 1.4.2 SQL Injection

The phpTrafficA application before version 1.4.2 is vulnerable to SQL injection. An attacker can exploit this vulnerability by sending malicious SQL queries through the 'pageid' parameter in the 'index.php' script. This allows the attacker to manipulate the database and potentially execute arbitrary SQL commands.

Recent Exploits: