This exploit allows an attacker to crash the ipPulse 1.92 software by sending a specially crafted TCP Port value. Running the provided Python code and following the steps outlined crashes the software, resulting in a denial of service condition.
The exploit creates a payload of 5000 bytes and writes it to a file named 'poc.txt'. When the payload is pasted into the 'name' field in the 'pod' section of the 'Geom browser' in the 'vsp.exe' application, it causes a crash.
This exploit allows an attacker to perform a remote SQL injection attack in the KwsPHP 1.0 mg2 module. By manipulating the 'album' parameter in the 'index.php' file, an attacker can retrieve sensitive information from the 'users' table, such as usernames and passwords.
The Plainview Activity Monitor WordPress plugin is vulnerable to OS command injection, which allows an attacker to remotely execute commands on the underlying system. The application passes unsafe user-supplied data via the ip parameter to activities_overview.php. Privileges are required in order to exploit this vulnerability, but this plugin version is also vulnerable to CSRF and reflected XSS. Combined, these three vulnerabilities can lead to remote command execution with just an admin click on a malicious link.
This exploit allows an attacker to perform SQL injection on the Recipes Portal Script. The vulnerability can be exploited by injecting SQL code into the 'sbcat_id' parameter of the 'searchresult.php' page. The specific SQL code provided in the exploit allows the attacker to retrieve sensitive information from the database, including the administrator's username and password.
Foxit PDF Reader v9.0.1.1049 has a use-after-free vulnerability in the Text Annotations component, and its TypedArrays use uninitialized pointers. The vulnerabilities can be combined to leak a vtable memory address, which can be adjusted to point to the base address of the executable. A ROP chain can be constructed that will execute when Foxit Reader performs the UAF.
The attached fuzz file causes an out-of-bounds read in AVC processing. To reproduce the issue, put both attached files on a server and visit the given URL. This issue reproduces on Chrome and Firefox for Linux.
admin/vqmods.app/vqmods.inc.php in LiteCart 2.1.2 allows remote authenticated attackers to upload a malicious file (resulting in remote code execution) by using the text/xml or application/xml Content-Type in a public_html/admin/?app=vqmods&doc=vqmods request.
Invalid Unicode sequences can trick the Emoji iter code into returning an empty segment, which then triggers an assertion in the itemizer.
The vulnerability allows attackers to cause a denial of service (DoS) condition on the affected device. By sending a specially crafted request to the 'Servidor' field, the application crashes, resulting in a DoS condition.