This exploit allows an attacker to execute remote commands on Master IP CAM version 3.3.4.2103. The vulnerability is identified as CVE-2019-8387.
This vulnerability allows an attacker to include malicious files from a remote server, which can lead to remote code execution.
The demonstration exploit URLs provided target a command injection vulnerability. An attacker can manipulate the 'location' parameter to execute arbitrary commands on the target system. The exploit attempts to read the '/etc/passwd' file. The null byte (%00) at the end of the parameter is used to bypass input validation and termination. This vulnerability allows an attacker to gain unauthorized access to sensitive information or execute malicious commands.
This exploit allows an attacker to cause a denial of service in RealTerm: Serial Terminal version 2.0.0.70. By sending a specially crafted payload to the 'Port' field, the application crashes.
Ucms is a warez-cms coded by madmax. He sold the cms for 150 Euro for one cms, but it's not enough that the cms costs 150 euro: he added a 'secret' backdoor, which is now released...
qdPM version 9.1 is vulnerable to SQL injection. By manipulating the 'search_by_extrafields[]' parameter in a POST request, an attacker can inject malicious SQL code, leading to unauthorized access or data manipulation.
The from_string function in Jinja2 is prone to a server-side template injection (SSTI) vulnerability. It takes the 'source' parameter as a template object, renders it, and returns it. This allows an attacker to inject arbitrary commands and execute them on the server.
This exploit allows an attacker to cause a denial of service (DoS) by crashing the VSCO application. By creating a file with a large payload and pasting the contents into the search bar of the application, the app will crash.
Creates a trash bin in the ACP where you can recover permanently deleted threads and posts. The thread/post subjects allow XSS, and deleted posts can be restored via CSRF.
This exploit causes a denial of service in Navicat for Oracle 12.1.15 by sending a specially crafted password. The exploit code is written in Python, and it opens a file called code.txt and copies its content to the clipboard. Then, it opens Navicat for Oracle and selects the 'Connection' option, followed by 'Oracle'. It fills in the necessary connection details, including a malicious IP address and a large password. When the user clicks 'Accept', the application crashes.