The PBEmail 7 ActiveX Edition software exposes an insecure method, the SaveSenderToXml function in the PBEmail7Ax.dll file. This vulnerability allows an attacker to overwrite arbitrary files on the system, as demonstrated in the provided script.
This exploit allows an attacker to execute arbitrary code on a target system by exploiting a buffer overflow vulnerability in CuteFTP 5.0. By creating a specially crafted shortcut, the attacker can trigger the overflow and gain control of the system. The exploit generates an 'exploit.txt' file and uses a Python script to automate the process.
There is a CSRF vulnerability in Gleez CMS 1.2.0 that can add an administrator account via admin/users/add. Once the administrator has logged in, opening the PoC creates a new admin account without the administrator's consent.
The vulnerability allows an attacker to inject SQL commands through the 'template_id' parameter.
ZOHO Corp ManageEngine ADManager Plus 6.5.7 allows HTML Injection on the "AD Delegation" "Help Desk Technicians" screen.
The SkypeApp version 12.8.487.0 is vulnerable to a denial of service attack. By sending a specially crafted payload to the 'Cuenta de Skype o Microsoft' field, an attacker can cause the application to crash.
This exploit creates a file called exploit.txt with a payload of 6000 'A' characters, which when pasted into the 'Pattern to Find' and 'Advice Message' fields in the StyleWriter 4 1.0 software, causes it to crash.
TikiWiki contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the 'tiki-graph_formula.php' script not properly sanitizing user input supplied to the f variable, which may allow a remote attacker to execute arbitrary PHP commands, resulting in a loss of integrity.
The Epiphany Web Browser 3.28.1 is vulnerable to a Denial of Service (DoS) attack. By bookmarking a page with malicious JavaScript code, an attacker can cause the browser to crash when the bookmark is accessed.
This exploit allows an attacker to perform SQL injection in the Twitter-Clone 1 application. It targets three vulnerable files: mailactivation.php, stalkers.php, and search.php. Each file has a different vulnerable parameter and uses different types of SQL injection techniques, including error-based and union query.