Explore Vulnerabilities

Explore all Exploits:

Buffer Overflow on DVD X Player Standard 5.5.3.9

The exploit involves a buffer overflow vulnerability in DVD X Player Standard version 5.5.3.9. By sending a specially crafted payload, an attacker can overwrite the SEH (Structured Exception Handler) to gain control of the program execution flow. This can lead to remote code execution and potential compromise of the system. The exploit has been tested on Windows XP SP3 x86.

Plugin Woocommerce CSV importer 3.3.6 – RCE – Unlink

The plugin Woocommerce CSV importer 3.3.6 allows any registered user to perform remote code execution. The vulnerability exists due to the lack of escaping in the $_POST['filename'] parameter. By sending a specially crafted request to the admin-ajax.php file, an attacker can unlink files on the server.

KYOCERA Net Admin 3.4 CSRF Add Admin Exploit

The KYOCERA Net Admin 3.4 application allows users to perform actions via HTTP requests without performing validity checks. This can be exploited to perform actions with administrative privileges if a logged-in user visits a malicious website.

KYOCERA Net Admin XML External Entity (XXE) Injection Vulnerability

KYOCERA Multi-Set Template Editor (part of Net Admin) suffers from an unauthenticated XML External Entity (XXE) injection vulnerability that uses the DTD parameter entities technique, resulting in disclosure and retrieval of arbitrary data from the affected node via an out-of-band (OOB) channel attack. The vulnerability is triggered when input passed to the Multi-Set Template Editor (kmmted.exe), called by the ActiveX DLL MultisetTemplateEditorActiveXComponent.dll, is not sanitized while parsing a 5.x Multi-Set template XML file.

CMS Made Simple 1.1.2 Remote Code Execution Vulnerability

This vulnerability allows an attacker to execute arbitrary code on the target system. The vulnerability exists in the 'adodb-perf-module.inc.php' file, where user-supplied input is not properly sanitized before being passed to an 'eval' function. An attacker can exploit this vulnerability by sending a specially crafted request to the affected system, resulting in the execution of arbitrary PHP code.

LineageOS 14.1 (Android 7.1.2) Blueborne RCE CVE-2017-0781

This exploit allows for remote code execution on LineageOS 14.1 (Android 7.1.2) devices that are not patched against the Blueborne vulnerability. It takes advantage of the CVE-2017-0781 vulnerability.

Recent Exploits: