The vulnerability allows an attacker with ALTER permissions to execute arbitrary SQL statements, leading to a denial of service (DoS) by causing the MySQL server to lose connection. The exploit involves using the ALTER TABLE statement on a table and field known to exist.
This module tries to open a door in the device by exploiting the RemoteCodeExecution by creating a backdoor inside the device. This exploit was written by Andrei Manole. Version of the firmware 2.000.022. Tested on 2.000.082 -> it still works.
The vulnerability allows an attacker to perform SQL injection attacks through the 'articles.php?topic=' parameter. By manipulating the parameter, an attacker can execute arbitrary SQL queries, potentially gaining unauthorized access to the database.
The Fax Machine System Application 1.0 is vulnerable to SQL Injection. The login_check.php and add_email.php files are susceptible to SQL Injection attacks as the user input is not properly sanitized before being used in SQL queries.
The vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Shockwave Player when a user visits a malicious website. The specific flaw exists within the handling of the ShockwaveVersion method. By passing an overly long string to this function an attacker can corrupt memory in such a way that when the method returns it will reference invalid memory. An attacker can leverage this vulnerability to execute code under the context of the user running the browser.
This exploit causes a denial of service (DoS) in Paint Studio version 2.17. By providing a specially crafted input, the program crashes and becomes unresponsive. The exploit creates a file named 'exp.txt' containing a payload of 10 'A' characters.
This is an exploit for the setlocale() function in AIX 5.2. The exploit takes advantage of a buffer overflow vulnerability to execute arbitrary code. The exploit consists of a payload shellcode that will spawn a shell and execute a command. The exploit is triggered by calling the execve() function with specific arguments.
The Adapt Inventory Management System 1.0 is vulnerable to SQL Injection. An attacker can exploit this vulnerability to execute arbitrary SQL commands in the application's database.
The vulnerability allows an attacker to execute SQL queries on the jPORTAL 2 mailer.php page. By injecting a malicious SQL query, an attacker can retrieve sensitive information, such as usernames and passwords, from the admins table. The exploit can be executed by appending a union select statement to the 'to' parameter in the URL.
The eBrigade ERP version 4.5 is vulnerable to a Database Backup Disclosure vulnerability. An attacker can exploit this vulnerability to gain access to sensitive database backup files. This can lead to unauthorized access and potential data leaks.
Services By CQR