The vulnerability exists due to failure in the '/sql.php' script to properly verify the source of HTTP request. This Cross-Site Request Forgery (CSRF) allows an attacker to execute arbitrary SQL statement by sending a malicious request to a logged in user.
WatchDog Console suffers from multiple vulnerabilities: CVE-2018-10077 Authenticated XML External Entity (XXE), CVE-2018-10078 Authenticated Stored Cross Site Scripting (XSS), CVE-2018-10079 Insecure File Permissions
The vulnerability allows an attacker to inject SQL code into the application, potentially gaining unauthorized access to the database. The exploit provided demonstrates how to extract login credentials from the 'pfa_admin' table. This exploit only works if the 'magic_quotes_gpc' setting is turned off.
Attackers just need to construct a malicious login request packet,and send the packet to the server.The server can be pwned
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations. The module can load msf PHP arch payloads, using the php/base64 encoder. The resulting RCE on Drupal looks like this: php -r 'eval(base64_decode(#{PAYLOAD}));'
The Helplink 0.1.0 show.php file is vulnerable to remote file inclusion. It includes a file based on the value of the 'file' parameter passed in the HTTP GET request without proper validation, allowing an attacker to include arbitrary files from remote servers.
The xxRegisterWndClasses function in the code above registers multiple window classes without checking for errors. This can lead to a memory corruption vulnerability.
This is a Windows Kernel exploit that allows an attacker to execute arbitrary code in kernel mode. It takes advantage of a vulnerability in the handling of a specific message (0x9F9F) by a window procedure. By sending a specially crafted message to a vulnerable window, an attacker can execute arbitrary code with the privileges of the kernel.
The Reaper 5.78 software is vulnerable to a local buffer overflow. By providing a specially crafted input, an attacker can execute arbitrary code within the context of the application.
The Raptr, Inc Plays TV Service installation process on Windows allows for arbitrary file execution by writing uncontrolled data using the /extract_files path. This can be exploited by an attacker with SYSTEM privileges to execute arbitrary files on the target system.
Services By CQR