task_swap_mach_voucher() does not respect MIG semantics leading to use-after-free vulnerability.
The Green CMS version 2.x is vulnerable to SQL Injection. An attacker can exploit this vulnerability by injecting SQL code into the 'cat' parameter in the index.php file. This can lead to unauthorized access to the database and potential data leakage.
This exploit takes advantage of a buffer overflow vulnerability in the i386_set_ldt function. By providing a large input buffer, an attacker can overwrite memory and potentially execute arbitrary code. This vulnerability was discovered and published on milw0rm.com on November 16, 2007.
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
The Joomla! Component JHotelReservation version 6.0.7 is vulnerable to SQL Injection. An attacker can exploit this vulnerability by sending a specially crafted POST request to the search-hotels endpoint, allowing them to execute arbitrary SQL queries on the underlying database.
The Joomla! Component J-MultipleHotelReservation 6.0.7 is vulnerable to SQL Injection. An attacker can exploit this vulnerability by sending a specially crafted HTTP POST request to the target server.
The 'id' variable in the 'artikel' section and the 'katid' variable in the 'produk' section are not properly filtered, allowing remote attackers to manipulate the SQL query through the browser.
The Joomla! Component vBizz version 1.0.7 is vulnerable to SQL Injection. An attacker can exploit this vulnerability to execute arbitrary SQL commands on the target system.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw is due to the processing of ".contact" files, the E-mail address field takes an expected E-mail address value, however the .CONTACT file is vulnerable to HTML injection as no validation is performed. Therefore, if an attacker references an executable file using an HREF tag it will run that instead without warning instead of performing the expected email behavior. This is dangerous and would be unexpected to an end user. The E-mail addresses Mailto: will point to an arbitrary executable like. <a href="calc.exe">pwn@microsoft.com</a> Additionally the executable file can live in a sub-directory and be referenced like "<a href="mydirmalicious.exe">pwn@microsoft.com</a>" or attackers can use directory traversal techniques to point to a malware say sitting in the targets Downloads directory like: <a href="........UsersvictimDownloadsevil.exe">pwn@microsoft.com</a> Making matters worse is if the the files are compressed then downloaded "mark of the web" (MOTW) may potentially not work as expected using certain archive utils.
The vulnerability allows an attacker to pull admin session id's from the database and gain unauthorized access to the admin area. The exploit uses a UNION-based SQL injection technique.
Services By CQR