This exploit takes advantage of a local buffer overflow vulnerability in DVDXPlayer 5.5 Pro. By sending a specially crafted payloadofficial.plf file, an attacker can trigger a buffer overflow and gain control of the SEH (Structured Exception Handling) chain. This allows the attacker to execute arbitrary code on the targeted system.
Multiple Remote File Inclusion (RFI) and Local File Inclusion (LFI) vulnerabilities in SerWeb version 2.0.0 dev1 2007-02-20 allow attackers to include arbitrary files from remote servers or the local file system, which could lead to remote code execution or unauthorized access to sensitive information.
IceWarp version 10.4.4 is vulnerable to local file inclusion. An attacker can exploit this vulnerability by including local files and executing arbitrary code. This vulnerability has been assigned CVE-2019-12593.
The vulnerability allows an attacker to disclose arbitrary files on the server by exploiting a file path traversal issue in the 'resize.php' script of the PictPress WordPress plugin. By manipulating the 'size' and 'path' parameters in the URL, an attacker can traverse directories and read sensitive files, such as the '/etc/passwd' file.
This exploit performs a remote code execution attack on a target system with a vulnerable RDP implementation. It takes advantage of a vulnerability in the RDP protocol implementation to execute arbitrary code on the target system. This can be used to gain unauthorized access to the target system or to launch further attacks.
This module abuses a feature in WebLogic Server's Administration Console to install a malicious Java application in order to gain remote code execution. Authentication is required; however, by default Oracle ships with an "oats" account that you can log in with, which grants administrator access.
This vulnerability allows an attacker to disclose arbitrary files on the server. By exploiting the '/ezcontents1_4x/index.php?link=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd' URL, an attacker can access sensitive files such as the '/etc/passwd' file.
During a bailout, IonMonkey can leak an internal JS_OPTIMIZED_OUT magic value to the running script, which can be used to achieve memory corruption.
A crafted file name for an uploaded document leads to stored XSS. The file name should start with a double quotation mark and can contain malicious JavaScript code.
SineCMS versions 2.3.4 and below are vulnerable to SQL injection in the Calendar module. An attacker can exploit this vulnerability by sending a specially crafted request to the mods.php file, allowing them to retrieve sensitive information from the database. There are also other SQL injection vulnerabilities in the admin panel.