The Vulnerability Laboratory core research team discovered a remote SQL injection web vulnerability in the Simplephpscripts Simple CMS v2.1 web application.
The Vulnerability Laboratory core research team discovered a persistent input validation vulnerability in the PHPJabbers Simple CMS v5.0 web application.
This exploit targets a buffer overflow vulnerability in 10-Strike Network Inventory Explorer Pro version 9.31. By sending a specially crafted payload, an attacker can trigger a buffer overflow condition, potentially allowing for arbitrary code execution.
This exploit takes advantage of a buffer overflow vulnerability in YouTube Video Grabber version 1.9.9.1. By running Python code, an attacker can trigger the overflow and gain control over the program. The exploit involves opening a malicious file, which leads to the execution of arbitrary code and the creation of a bind shell on port 3110.
This module exploits an arbitrary command execution vulnerability in Ericsson Network Location Mobile Positioning Systems. The 'export' feature in various parts of the application is vulnerable. It allows command injection with a bypass of the application's preventions.
The vulnerability allows an attacker to store malicious JavaScript payload in the database which gets executed when triggered, resulting in a pop-up.
By default, the Authenticated Users group has the modify permission on Gestionale Open folders/files. A low-privilege account can rename the mysqld.exe file located in the bin folder and replace it with a malicious file that would connect back to an attacking computer, giving system-level privileges. Because the service runs as Local System, the malicious file is executed when the computer is restarted. The application also has unquoted service path issues.
This exploit allows an attacker to retrieve sensitive information from the web.xml file in Jetty versions 9.4.37.v20210219 and 9.4.38.v20210224. By sending a specially crafted HTTP request, an attacker can access the web.xml file containing configuration details and potentially sensitive information.
The NIMax software version 5.3.1f0 is vulnerable to a local denial of service (DoS) attack. By adding a specially crafted alias and triggering the 'ok' button, the application crashes, resulting in a denial of service condition. This PoC demonstrates the vulnerability by creating a file with a large number of 'A' characters and using it as a resource name.
The NIMax software version 5.3.1 is vulnerable to a local Denial of Service (DoS) attack. By creating a specially crafted file, an attacker can cause the NIMax application to crash, resulting in a denial of service condition.