This exploit allows an attacker to bypass authentication in QNAP Netatalk before version 3.1.12. It overwrites the commands pointer with the base of the preauth_switch.
The plugin's primary goal is to limit the rate at which an individual can attempt to authenticate with WordPress. The plugin supports the HTTP headers X_FORWARDED_FOR and X_SUCURI_CLIENTIP to allow rate limiting for users when web servers are behind a reverse proxy service. However, REMOTE_ADDR is not verified as a whitelisted proxy address, allowing an attacker to easily forge either the X_FORWARDED_FOR or X_SUCURI_CLIENTIP header and completely bypass the rate limiting service.
This exploit takes advantage of a buffer overflow vulnerability in the activation code of River Past Cam Do 3.7.6. By generating a malicious activation code and pasting it into the application, an attacker can execute arbitrary code, such as launching the calculator (calc.exe) in this example.
This exploit allows an attacker to remotely disclose the source code of a PHP-Nuke NSN Script Depository module version 1.0.0 or below. By providing the target URL and the file path, the exploit generates a form that triggers the disclosure of the specified file.
This vulnerability allows an attacker to inject HTML code into a website, which can lead to various attacks such as cross-site scripting (XSS). The vulnerability can be exploited by manipulating the 'log', 'name', or 'data' parameters in the affected URLs. An example payload for this exploit is '<h1>HTML Injection</h1>'.
The download module does not correctly check the file parameter, allowing for directory traversal and the ability to download all files hosted in the target web space.
The JSPromise class in Chromium's V8 JavaScript engine reuses a single field to store both the result object and the reaction list. This allows an attacker to trigger type confusion by calling JSPromise::Fulfill twice on the same Promise object.
The AddOriginals function in initialize_v8_extras_binding.cc in Blink does not properly handle serialization when Transferable Streams are enabled, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via a crafted HTML page. The vulnerability exists in the serialization process for MessagePort and DOMException objects.
The Eurologon CMS is vulnerable to SQL Injection. Attackers can exploit this vulnerability by injecting malicious SQL queries into the 'id' parameter of the reviews.php, links.php, and articles.php pages. This allows them to retrieve sensitive information from the database, such as usernames and passwords.
This module exploits a command injection vulnerability in TeemIp versions prior to 2.4.0. The 'new_config' parameter of 'exec.php' allows you to create a new PHP file with the exception of config information. The malicious PHP code sent is executed instantaneously and is not saved on the server. The vulnerability can be exploited by an authorized user (Administrator). The module allows remote command execution by sending a PHP payload in the 'new_config' parameter.