Explore Vulnerabilities

Explore all Exploits:

Billing Management System 2.0 – Union based SQL injection (Authenticated)

This web application contains several SQL injection vulnerabilities in the following paths: http://localhost/editgroup.php?id=1, http://localhost/edituser.php?id=1, http://localhost/editcategory.php?id=10, http://localhost/editproduct.php?id=1, http://localhost/editsales.php?id=1. The vulnerable code is in the editgroup.php file where the 'id' parameter is not properly sanitized before being used in a SQL query.

Microsoft Internet Explorer 8 – ‘SetMouseCapture’ Use After Free

This exploit targets the 'SetMouseCapture' function in Microsoft Internet Explorer 8. By triggering a use after free vulnerability (CVE-2013-3893), an attacker can execute arbitrary code on a vulnerable system. The exploit bypasses DEP and ASLR using the MSVCR71.DLL library. The PoC for this exploit can be found at the given GitHub link.

Persits XUpload 3.0 AddFile() Buffer Overflow Exploit

This exploit targets a buffer overflow vulnerability in the AddFile() function of Persits XUpload 3.0. It allows an attacker to execute arbitrary code on the target system. The vulnerability was discovered by David Kierznowski and the exploit was written by e.b. The exploit has been tested on Windows XP SP2 (fully patched) with English language, IE6, and xupload.ocx version 3.0.0.4.

Microweber CMS 1.1.20 – Remote Code Execution (Authenticated)

This exploit allows an authenticated attacker to execute arbitrary code on the target system. The vulnerability exists in Microweber CMS version 1.1.20 and earlier. By exploiting this vulnerability, an attacker can upload a malicious payload and execute it on the target system. The exploit script provided in the example usage section demonstrates how to exploit this vulnerability.

Epic Games Rocket League 1.95 – Stack Buffer Overrun

The game suffers from a stack-based buffer overflow vulnerability. The issue is caused by a boundary error in the processing of a UPK format file, which can be exploited to cause a stack buffer overflow when the file is crafted with a large array of bytes inserted in the vicinity of the offset after the magic header. Successful exploitation could allow execution of arbitrary code on the affected machine.

Anote 1.0 – Persistent Cross-Site Scripting

The software allows payloads to be stored within its own editor, as well as in uploaded (.md) files. Once malicious code is entered, the payload is executed immediately. An attacker can send a malicious file containing the payload; when this file is opened, the chain executes, giving the remote attacker remote execution on the computer.

GetSimple CMS Custom JS 0.1 – CSRF to XSS to RCE

The Custom JS v0.1 plugin for GetSimple CMS suffers from a Cross-Site Request Forgery (CSRF) vulnerability that allows remote unauthenticated attackers to inject arbitrary client-side code into authenticated administrators' browsers, which results in Remote Code Execution (RCE) on the hosting server when an authenticated administrator visits a malicious third-party website.

Moodle 3.6.1 – Persistent Cross-Site Scripting (XSS)

The exploit allows for privilege escalation from student to administrator by exploiting a persistent cross-site scripting (XSS) vulnerability (CVE-2019-3810) in Moodle version 3.6.1. The exploit involves uploading an XSS payload and manipulating the first name and surname fields to execute malicious code. If successful, the attacker's account will be added as an administrator.

Recent Exploits: