A SQL injection vulnerability was discovered in OS4Ed Open Source Information System Community version 9.1. By manipulating the 'X-Forwarded-For' header parameters in a POST request to /Ajax.php, an attacker can execute malicious SQL queries.
dizqueTV version 1.5.3 is susceptible to a remote code execution vulnerability that allows attackers to execute unauthorized commands remotely. By manipulating the FFMPEG Executable Path in the settings to include a malicious command like "; cat /etc/passwd && echo 'poc'", an attacker can view the content of /etc/passwd.
The reNgine version 2.2.0 is vulnerable to authenticated command injection. By modifying the nmap_cmd parameters in the yml configuration, an attacker can inject malicious commands. This can lead to unauthorized remote code execution with the privileges of the application. This exploit allows an authenticated user to execute arbitrary commands on the underlying system.
The vulnerability exists in NoteMark version 0.13.0 and below. By injecting a malicious payload into a note and rendering it using the 'Rendered' tab, an attacker can execute arbitrary JavaScript code in the context of the user's session.
The exploit targets Windows 10, 11 <10.0.26100.1457 and Server 2016-2019-2022 <10.0.17763.6189, allowing an attacker to cause denial-of-service. By corrupting the tcpip.sys memory per batch, the attacker can disrupt the normal functioning of the system. This vulnerability is identified as CVE-2024-38063.
A Remote Code Execution (RCE) vulnerability was found in the DICOM file import process of Invesalius 3. This vulnerability affects versions 3.1.99991 to 3.1.99998. By utilizing a specially crafted DICOM file, an attacker can execute arbitrary code on the victim's system.
Gitea version 1.22.0 is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability. This security flaw enables a malicious actor to insert harmful scripts that are stored on the server and run within the context of another user's session.
The Elber ESE DVB-S/S2 Satellite Receiver 1.5.x devices suffer from an unauthenticated device configuration and client-side hidden functionality disclosure. An attacker can exploit this vulnerability to manipulate device configuration settings and reveal hidden functionalities without authentication.
The Elber Wayber Analog/Digital Audio STL version 3.0.0 and below, including Firmware versions 4.00 Rev. 1501, 4.00 Rev. 1516, and 3.00 Rev. 1350, are vulnerable to an authentication bypass. By exploiting this vulnerability, an attacker can gain unauthorized access to the password management functionality, allowing them to change passwords for any user in the system. This unauthorized access compromises the security of the device.
Elber Wayber Analog/Digital Audio STL 4.00 devices are vulnerable to unauthenticated device configuration and disclosure of hidden functionalities on the client-side. An attacker can exploit this issue to modify device configurations without authentication and reveal hidden functionalities that are not intended for regular users.