This vulnerability allows an attacker to perform unauthorized actions on behalf of the victim by tricking them into clicking on a malicious link or visiting a malicious website. In this case, the vulnerability allows an attacker to add a new course to the ATutor Learning Management System without proper authentication.
A specially crafted web-page can cause Microsoft Internet Explorer to assume a CSS value stored as a string can only be 'true' or 'false'. An attacker that is able to set it to a smaller string can cause the code to read data out-of-bounds and is able to determine if a WCHAR value stored behind that string is ' ' or not.
This exploit allows an attacker to escalate privileges on a Windows system by exploiting a vulnerability in the DbgPrintEx function. The attacker can send a specially crafted input to the function, which will execute arbitrary code with elevated privileges. This vulnerability was assigned CVE-2016-7255.
When the Avira Launcher manual update imports a zip file, it doesn't check for "../" characters, which makes it possible to perform a path traversal and write anywhere on the system.
The vulnerability allows an attacker to include a remote file via the 'strIncludePrefix' parameter in the 'global.inc.php' file. The exploit URL is 'www.xxx.com/pmi_v28/Includes/global.inc.php?strIncludePrefix=Shell.txt?'
This exploit targets a use-after-free vulnerability in the Linux kernel's TCP implementation. It leverages the vulnerability to gain arbitrary code execution.
The NodCMS application is vulnerable to PHP Code Execution. An attacker can exploit this vulnerability by injecting malicious code into the 'config.php' file, which can lead to remote code execution.
This vulnerability allows an attacker to include remote files on the server. The vulnerability is found in phphtml v0.6.4. By exploiting the vulnerability, an attacker can include a malicious file and execute arbitrary code on the server.
The vulnerability exists in the /admin/editor2/spaw_control.class.php file. By exploiting this vulnerability, an attacker can include arbitrary files from remote servers into the vulnerable application, potentially leading to remote code execution.
The awstats.pl script in AWStats before 6.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) config parameter or (2) framename parameter.