Palo Alto PAN-OS versions prior to 11.1.2-h3 are vulnerable to command injection and arbitrary file creation. An attacker can exploit this vulnerability to execute arbitrary commands and create files on the target system. This vulnerability has been assigned the CVE ID CVE-2024-3400.
SQL injection is a type of security vulnerability that allows attackers to manipulate the database queries of an application. By inserting SQL queries through input data, attackers can access sensitive information, modify data, perform administrative tasks, retrieve files, and in some cases, execute commands on the operating system.
A Broken Access Control vulnerability allows unauthorized users to access the home page and perform operations such as creating, updating, or deleting trackers without credentials.
Stored Cross-Site Scripting (XSS) allows attackers to inject malicious scripts into a web application's database, which are then executed when accessed by other users. This vulnerability affects parameters in 'Add Tracker' and 'Update Tracker' requests due to a lack of input sanitization.
SQL injection vulnerability in Employee Management System 1.0 allows an attacker to manipulate database queries through user input fields `txtfullname` and `txtphone`. Successful exploitation can lead to data exfiltration, data manipulation, unauthorized administration operations, file system access, and potentially OS command execution.
The vulnerability allows attackers to manipulate SQL queries in the application's database by injecting malicious SQL code through the client-side input fields. Successful exploitation can lead to unauthorized access, data manipulation, administrative actions on the database, file system content retrieval, and potentially executing commands on the operating system.
The Proxmox VE TOTP Brute Force exploit allows an attacker to perform a brute force attack on the Time-based One-Time Password (TOTP) mechanism used in Proxmox VE. By continuously guessing TOTP codes, an attacker can potentially gain unauthorized access to the system. This vulnerability has been assigned the CVE ID CVE-2023-43320.
The Proxmox Virtual Environment (VE) is vulnerable to a Time-based One-Time Password (TOTP) brute force attack. By repeatedly guessing TOTP codes, an attacker can gain unauthorized access to the system. This vulnerability has been assigned CVE-2023-43320.
This exploit allows an attacker to sign up with admin privileges by making the admin visit a CSRF script.
This exploit allows an attacker to execute arbitrary SQL queries in the Dexter (CasinoLoader) Panel. By manipulating the 'page' parameter, an attacker can inject SQL code to retrieve sensitive information from the database.