Link Request Contact Form v3.4 is designed to let users request that their website link(s) or banner(s) be added to a website. A bug in the software allows a remote attacker to inject code into the server by uploading a JPG or GIF file that contains PHP code.
Vulnerability in the NetBeans component of Oracle Fusion Middleware (subcomponent: Project Import). The supported version that is affected is 8.1. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where NetBeans executes to compromise NetBeans. While the vulnerability is in NetBeans, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of NetBeans accessible data as well as unauthorized read access to a subset of NetBeans accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of NetBeans. The vulnerability is in the way NetBeans processes ".zip" archives that are imported as projects. If a user imports a malicious project containing "../" characters, the import fails, yet the "../" is still processed. Malicious scripts can then be placed outside of the target directory and inside the web root if the user is running a local server, etc. It may then be possible to execute remote commands on the affected system by later visiting the URL and accessing the script if that web server is public facing; if it is not, it may still be subject to abuse by malicious internal users. Moreover, it is also possible to overwrite files on the system hosting vulnerable versions of NetBeans IDE.
This script creates a listening socket and acts as an FTP server. When the client connects, a huge buffer is sent back to the client, resulting in a buffer overflow.
IObit Advanced SystemCare installs a service with an unquoted service path. To exploit this vulnerability, the attacker needs to insert an executable file in the path of the service. Upon service restart or system reboot, the malicious code will be run with elevated privileges.
The DeviceApi CMApi PnpCtxRegOpenCurrentUserKey function doesn't check the impersonation level of the current effective token, allowing a normal user to create arbitrary registry keys in another user's loaded hive, leading to elevation of privilege.
The vulnerability allows an attacker to perform a SQL injection attack by manipulating the 'id' parameter in the 'down_indir.asp' file. By using a UNION SELECT statement, the attacker can retrieve sensitive information, such as the 'adminsifre' (admin password) from the 'ayarlar' (settings) table.
This exploit targets a vulnerability in the idaiehlp.dll file of Internet Download Accelerator. By sending a specially crafted string as an argument to the NotSafe method of the idaiehlp object, an attacker can trigger a buffer overflow and potentially execute arbitrary code on the target system.
This is a remote file inclusion exploit in the PHP Real Estate Classifieds Premium Plus script. It allows an attacker to include arbitrary files from a remote server, potentially leading to remote code execution.
The vulnerability allows an attacker to bypass authentication in the Health Record System. By using a specific input, the attacker can log in with any username and password combination.
The e-Vision CMS <= 2.02 has multiple vulnerabilities including SQL Injection and Remote Code Execution. The SQL Injection vulnerability can allow an attacker to retrieve the admin user and hash, while the Remote Code Execution vulnerability allows an attacker to execute arbitrary commands on the target system.