The vulnerability exists in the index.php file of WebED v0.0.9. The code in the file allows an attacker to read arbitrary files on the server by manipulating the 'Root' and 'Path' parameters in the URL. By including '../' in the parameters, an attacker can navigate to sensitive files such as '/etc/passwd'. This vulnerability can be exploited remotely.
A malformed login request allows remote attackers to cause a denial of service (reboot), as demonstrated by JSON misparsing of the "}" string to v1/system/login.
This exploit allows an attacker to perform various actions/methods on the Veeam ONE Reporter application. The exploit uses a form submission with a crafted payload to execute the desired action, such as deleting a dashboard. All methods in the application are vulnerable to this exploit.
This exploit targets the Free Float FTP 1.0 software and allows for a remote buffer overflow. It generates shellcode using MSFVenom and sets up a listener for a reverse TCP connection.
This exploit targets a remote buffer overflow vulnerability in Free Float FTP 1.0. By sending a specially crafted "SIZE" command, an attacker can trigger a buffer overflow and potentially execute arbitrary code on the target system.
The Web-MeetMe 3.0.3 application is vulnerable to a remote file disclosure vulnerability. By exploiting this vulnerability, an attacker can disclose sensitive files on the server by including malicious input in the 'roomNo' or 'bookid' parameters of the 'play.php' script. This can allow an attacker to view the contents of files such as the '/etc/passwd' file. The vulnerability was discovered by Evil.Man.
This exploit targets a local SEH (Structured Exception Handling) overflow vulnerability in Lavavo CD Ripper version 4.20. By providing a specially crafted 'License Activation Name' value, an attacker can trigger a buffer overflow and execute arbitrary code. This exploit creates a bind shell on port 3110.
The NoAh version 0.9 pre 1.2 is vulnerable to remote file disclosure. This vulnerability allows an attacker to disclose sensitive files on the system by exploiting certain files in the NoAh system module templates. By manipulating the 'filepath' parameter in the URLs, an attacker can access files outside the intended directory and retrieve sensitive information such as the '/etc/passwd' file.
This vulnerability exists in the V8 JavaScript engine in the way it handles the length of FixedDoubleArray. By providing a large length value to the NewFixedDoubleArray function, an attacker can trigger an integer overflow and potentially cause a denial of service or remote code execution.
The hardened VirtualBox process on a Windows host doesnβt secure its COM interface leading to arbitrary code injection and EoP.
Services By CQR