The 'home-text-edit.php' file in NewsBee CMS 1.4 is vulnerable to SQL Injection. The 'id' parameter is not properly sanitized, allowing an attacker to execute arbitrary SQL queries.
This module exploits a race condition and use-after-free in the packet_set_ring function in net/packet/af_packet.c (AF_PACKET) in the Linux kernel to execute code as root (CVE-2016-8655). The bug was initially introduced in 2011 and patched in 2016 in version 4.4.0-53.74, potentially affecting a large number of kernels; however this exploit targets only systems using Ubuntu (Trusty / Xenial) kernels 4.4.0 < 4.4.0-53, including Linux distros based on Ubuntu, such as Linux Mint. The target system must have unprivileged user namespaces enabled and two or more CPU cores. Bypasses for SMEP, SMAP and KASLR are included. Failed exploitation may crash the kernel. This module has been tested successfully on Linux Mint 17.3 (x86_64); Linux Mint 18 (x86_64); and Ubuntu 16.04.2 (x86_64) with kernel versions 4.4.0-45-generic and 4.4.0-51-generic.
Mambads versions 1.5 and below are vulnerable to SQL injection. An attacker can inject malicious SQL code through the 'caid' parameter in the 'index.php?option=com_mambads&Itemid=0&func=detail&cacat=1&casb=1&caid=' URL. This can lead to unauthorized access to the database and potentially to leakage of sensitive information.
The Siemens SIMATIC S7-1200 CPU family versions V2.X and V3.X are vulnerable to cross-site scripting (XSS) attacks. An attacker can exploit this vulnerability by injecting malicious script code into the 'filtervalue' parameter of the '/Portal/Portal.mwsl' page. This can lead to the execution of arbitrary code in the context of the victim's browser, potentially allowing the attacker to steal sensitive information or perform unauthorized actions.
The Zechat 1.5 application is vulnerable to SQL Injection and Cross Site Request Forgery (CSRF) attacks. The 'hashtag' parameter is susceptible to Union-based SQL Injection, allowing an attacker to extract information from the database. The 'v' parameter is vulnerable to Time-based Blind SQL Injection, enabling an attacker to execute arbitrary SQL queries. Additionally, the application is vulnerable to CSRF, which allows an attacker to change a user's information without proper authentication.
This exploit targets R v3.4.4 and allows for a local buffer overflow, bypassing DEP (Data Execution Prevention). The exploit author, Hashim Jawad, discovered this vulnerability and provided a proof of concept.
This module exploits a vulnerability in the rds_page_copy_user function in net/rds/page.c (RDS) in Linux kernel versions 2.6.30 to 2.6.36-rc8 to execute code as root (CVE-2010-3904).
This exploit allows an attacker to perform SQL injection in MDPro 1.0.76. The vulnerability is due to improper input validation in the application. An attacker can manipulate the input fields to execute arbitrary SQL queries, which can lead to unauthorized access, data manipulation, or information disclosure. The exploit works by injecting SQL statements into the application's database queries.
Abusing a weak secret token and passing an insecure parameter to the File function.
This exploit allows an attacker to inject malicious code into a website that uses the Zenar Content Management System. By sending a crafted POST request to the /zenario/ajax.php endpoint, an attacker can execute arbitrary JavaScript code on the target site.