Critical Vulnerabilities with Public Exploits

The remote management interface on the Claymore Dual GPU miner 10.1 allows an unauthenticated remote attacker to execute arbitrary code due to a stack-based buffer overflow in the request handler. This can be exploited via a long API request that is mishandled during logging.

Posty Readymade Classifieds Script 1.0 allows an attacker to inject SQL commands via a listings.php?catid= or ads-details.php?ID= request.

Techno Portfolio Management Panel 1.0 allows an attacker to inject SQL commands via a single.php?id= request.

Artica Web Proxy before 3.06.112911 allows remote attackers to execute arbitrary code as root by conducting a cross-site scripting (XSS) attack involving the username-form-id parameter to freeradius.users.php.

Stack-based buffer overflow in dnstracer through 1.9 allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a command line with a long name argument that is mishandled in a strcpy call for argv[0]. An example threat model is a web application that launches dnstracer with an untrusted name string.

In Anti-Web through 3.8.7, as used on NetBiter FGW200 devices through 3.21.2, WS100 devices through 3.30.5, EC150 devices through 1.40.0, WS200 devices through 3.30.4, EC250 devices through 1.40.0, and other products, an LFI vulnerability allows a remote attacker to read or modify files through a path traversal technique, as demonstrated by reading the password file, or using the template parameter to cgi-bin/write.cgi to write to an arbitrary file.

The web server on DBL DBLTek devices allows remote attackers to execute arbitrary OS commands by obtaining the admin password via a frame.html?content=/dev/mtdblock/5 request, and then using this password for the HTTP Basic Authentication needed for a change_password.csp request, which supports a "<%%25call system.exec:" string in the passwd parameter.

The installer in MyBB before 1.8.13 allows remote attackers to execute arbitrary code by writing to the configuration file.

Ametys before 4.0.3 requires authentication only for URIs containing a /cms/ substring, which allows remote attackers to bypass intended access restrictions via a direct request to /plugins/core-ui/servercomm/messages.xml, as demonstrated by changing the admin password by obtaining account details via a users/search.json request, and then modifying the account via an editUser request.

Zoho ManageEngine Applications Manager 13 before build 13500 allows SQL injection via GraphicalView.do, as demonstrated by a crafted viewProps yCanvas field or viewid parameter.

Buffer overflow in the SoftConsole client in Avaya IP Office before 10.1.1 allows remote servers to execute arbitrary code via a long response.

The UserPro plugin before 4.9.17.1 for WordPress, when used on a site with the "admin" username, allows remote attackers to bypass authentication and obtain administrative access via a "true" value for the up_auto_log parameter in the QUERY_STRING to the default URI.

/view/friend_profile.php in Ingenious School Management System 2.3.0 is vulnerable to Boolean-based and Time-based SQL injection in the 'friend_index' parameter of a GET request.

Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.

Zomato Clone Script allows SQL Injection via the restaurant-menu.php resid parameter.

Website Broker Script allows SQL Injection via the 'status_id' Parameter to status_list.php.

Vastal I-Tech Agent Zone (aka The Real Estate Script) allows SQL Injection in searchCommercial.php via the property_type, city, or posted_by parameter, or searchResidential.php via the property_type, city, or bedroom parameter, a different vulnerability than CVE-2008-3951, CVE-2009-3497, and CVE-2012-0982.

Php Inventory & Invoice Management System allows Arbitrary File Upload via dashboard/edit_myaccountdetail/.

Online Exam Test Application allows SQL Injection via the resources.php sort parameter in a category action.

Nice PHP FAQ Script allows SQL Injection via the index.php nice_theme parameter, a different vulnerability than CVE-2008-6525.