The Diagnostics Hub Packaging library, used by Windows Standard Collector Service, can be forced to copy an arbitrary file to an arbitrary location due to lack of client impersonation in DiagnosticsHub.StandardCollector.Runtime.dll.
This exploit creates a file with a large payload, causing the Textpad software to crash when the payload is pasted into the 'Command' field.
This exploit allows an attacker to upload arbitrary files to the KingMedia CMS. By uploading a malicious file, an attacker can execute arbitrary code on the target system.
This exploit allows an attacker to execute arbitrary code by exploiting a buffer overflow vulnerability in Project64 version 2.3.2. By creating a specially crafted file and manipulating the 'Plugin Directory' field, an attacker can trigger a buffer overflow and gain control over the program's execution flow.
WordPress Ninja Forms plugin version 3.3.13 and before are affected by Remote Code Execution through the CSV injection vulnerability. This allows an application user to inject commands as part of the fields of forms and these commands are executed when a user with greater privilege exports the data in CSV and opens that file on his machine.
Many Hikvision IP cameras contain a backdoor that allows unauthenticated impersonation of any configured user account. The vulnerability has been present in Hikvision products since at least 2014. In addition to Hikvision-branded devices, it affects many white-labeled camera products sold under a variety of brand names. Hundreds of thousands of vulnerable devices are still exposed to the Internet at the time of publishing. In addition to gaining full administrative access, the vulnerability can be used to retrieve plain-text passwords for all configured users.
The Twitter-Clone 1 application is vulnerable to SQL Injection in the 'userid' parameter in the 'follow.php' and 'index.php' files. An attacker can exploit this vulnerability to execute arbitrary SQL queries and potentially gain unauthorized access to the database.
This exploit allows remote attackers to inject SQL queries and retrieve sensitive information from the database. The vulnerability exists in the newsletter module of KwsPHP version 1.0. The exploit takes advantage of the magic_quotes_gpc setting being turned off. By manipulating the 'newsletter' parameter in the index.php file, an attacker can execute arbitrary SQL queries and retrieve data from the 'users' table. The extracted data includes the username and password of the admin user with ID 1. The exploit also demonstrates the ability to inject malicious code and save it as a file on the server.
This exploit script creates a file with a large payload and then uses it to crash the Prime95 software. By pasting the payload into a specific field in the program, it causes a crash.
This exploit creates a file named 'exploit.txt' with a payload of 4000 bytes filled with 'A' characters. When the user opens the Restorator software and pastes the content of 'exploit.txt' into the 'Name' field, the program crashes.
Services By CQR