This exploit allows an attacker to bypass authentication in the Jettweb PHP Hazir Haber Sitesi Scripti V2. By manipulating the username and password fields, an attacker can gain unauthorized access to the administration panel.
The Jettweb PHP Hazir Haber Sitesi Scripti V1 is vulnerable to multiple SQL Injection vulnerabilities, allowing attackers to execute arbitrary SQL commands. Additionally, the script is also vulnerable to an authentication bypass vulnerability, which allows unauthorized access to the administration panel.
The Inout Article Base CMS is vulnerable to SQL Injection. This can be exploited through the 'p' and 'u' parameters in the portalLogin.php page. An attacker can inject malicious SQL code to manipulate the database.
Remote File Inclusion vulnerability in iaprcommence 1.3 allows remote attackers to include arbitrary files via a URL in the php_root_path parameter.
The Company Business Website CMS is vulnerable to SQL Injection in the 'user_name' parameter. An attacker can exploit this vulnerability to execute arbitrary SQL commands.
In Windows 7, SEH handler to be used contains a x00 byte that it has been obtained using a restricted char. For such a reason, every jump has to be backward on the beginning of attacking shellcode.
The RunCms software is vulnerable to remote code execution due to a bug in the Yahoo! Crawler. This vulnerability allows an attacker to execute arbitrary code on the target system by sending a specially crafted packet.
The 202CMS version v10 beta is vulnerable to SQL Injection via the 'log_user' parameter. An attacker can exploit this vulnerability to execute arbitrary SQL commands on the underlying database.
This module exploits a vulnerability in Jenkins dynamic routing to bypass the Overall/Read ACL and leverage Groovy metaprogramming to download and execute a malicious JAR file. The ACL bypass gadget is specific to Jenkins <= 2.137 and will not work on later versions of Jenkins.
The BeginOperation function in FileSystemOperationRunner class in Chromium has a use-after-free vulnerability. If the id used in the BeginOperation function wraps around, it can cause a use-after-free in the browser process. The normal usage of BeginOperation function is to pass a unique_ptr to the operation, which is then moved into the operations_ map. However, if the id wraps around, it can free the operation prematurely, leading to a use-after-free vulnerability. This vulnerability can be triggered by a malformed blob in the blob registry or by accessing the FileWriter API. Currently, this vulnerability requires a compromised renderer to exploit.
Services By CQR