This vulnerability allows an attacker to include arbitrary files from remote servers.
This exploit allows an attacker to inject malicious code into the Canon PrintMe EFI application, leading to a cross-site scripting (XSS) vulnerability. The vulnerability is triggered when the application fails to properly sanitize user input, allowing an attacker to execute arbitrary JavaScript code in the context of the victim's browser.
This component contains an insecure 'CompactFile()' method which overwrites arbitrary files on the user's PC. By passing an existing file as the first parameter and a desired file as the second parameter, the desired file will be overwritten.
The Joomla! Component EkRishta 2.10 is vulnerable to a SQL Injection attack. The 'username' parameter is not properly sanitized, allowing an attacker to inject SQL code into the query. This can lead to unauthorized access, data manipulation, or other malicious activities.
Component name: PegasusImaging.ActiveX.ThumbnailXpress1.dll Version: 1.0.45.0 This control contains an insecure "CacheFile()" method that delete, once the process is terminated, the file passed as argument.
The vulnerability allows an attacker to perform SQL injection attacks on the Furkan TaÅŸtan Blog website. By manipulating the 'id' parameter in the '/kategori.asp?kat=goster&id=' URL, an attacker can execute arbitrary SQL queries and retrieve sensitive information from the database.
The WordPress Contact Form Maker Plugin version 1.12.20 and below is vulnerable to SQL Injection. By sending specially crafted requests to the plugin settings page, an attacker with appropriate privileges can exploit these vulnerabilities to escalate their privileges or modify database contents.
Ftp Server 1.32 Insecure Data Storage, the result of storing confidential information insecurely on the system i.e. poor encryption, plain text, access control issues etc. Attacker can find out username/password of valid user via /data/data/com.theolivetree.ftpserver/shared_prefs/com.theolivetree.ftpserver_preferences.xml
The Trionic Cite CMS 1.2 rev9 is vulnerable to remote file inclusion attacks. An attacker can exploit this vulnerability by manipulating the 'bf_data' parameter in the '/interface/editors/-custom.php' and '/interface/editors/custom.php' scripts to include malicious files from a remote server. This can lead to arbitrary code execution on the affected system.
The vulnerability exists in the getvolattrlist function, which takes a user-controlled bufferSize argument via the fgetattrlist syscall. When allocating a kernel buffer to serialize the attribute list, there is a lack of lower size check, which can lead to a heap overflow. The code does not correctly handle the case when the user-supplied buffer size is smaller than the requested header size. This can be exploited to overwrite kernel memory and potentially execute arbitrary code.
Services By CQR