OpenPanel version 0.3.4 is vulnerable to directory traversal. By exploiting this vulnerability, an attacker can traverse directories outside the intended location and gain unauthorized access to sensitive files. This vulnerability has been assigned CVE-2024-53537.
The vulnerability in Moodle version 4.3 allows an authenticated user to access other users' details, email addresses, country, city/town, city, and timezone by manipulating the 'id' parameter in URLs like profile.php?id=11. By changing the 'id' value to another number, the attacker can view information of other users on the platform.
The vulnerability in Moodle version 4.3 allows an attacker to access user details, email addresses, country, city/town, city, and timezone by manipulating the 'id' parameter in URLs like profile.php and user.php. By changing the 'id' value to another number, the attacker can view sensitive information of other users.
The exploit allows an attacker to overflow the buffer in the 'Copy disc to image file' function of Anyburn version 4.3. By providing a specially crafted file name, an attacker can execute arbitrary code on the target system. The exploit takes advantage of a buffer overflow vulnerability and uses a Unicode mixed shellcode to bypass security measures. The shellcode spawns the Windows calculator application (calc.exe) as a proof of concept.
This vulnerability allows an attacker to inject a malicious script directly into a vulnerable web application. In the case of nopCommerce Store 4.30, the XSS payload can be injected in Schedule tasks. When a user visits the page with the injected payload, the XSS is triggered, allowing the attacker to steal cookies.
ModernBill is affected by a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the 'aid' parameter. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
ModernBill is prone to a remote file include vulnerability. The problem presents itself specifically when an attacker passes the location of a remote attacker-specified script through the 'news.php' script.
A vulnerability in AOL Instant Messenger (AIM) allows an attacker to store imported Buddy Icons in a predictable location on client systems. This could allow an attacker to facilitate further attacks which could eventually lead to execution of arbitrary code. The vulnerability has been tested on AIM versions 4.3 to 5.5; however, other versions may be affected as well.
It has been reported that Powerslave Portalmanager is prone to an information disclosure issue that may allow remote attackers to gain access to sensitive information about the underlying database structure. The problem is reported to exist in the sql_id parameter. An attacker may insert malformed SQL queries in sql_id, resulting in the software generating an error message and disclosing sensitive database information. Although unconfirmed, attackers may also be able to execute arbitrary SQL commands under certain circumstances.
Multiple remote SQL injection vulnerabilities exist in Enigma Haber <= 4.3. An attacker can exploit these vulnerabilities to gain access to sensitive information such as passwords, usernames, emails, etc. The vulnerable parameters are 'id', 'yo', 'ara', 'ko', 'k', 'd', 'e', 'ay', 'yil', 'e_kad', 'yid', 'bid', 'hid', 'o', 'kid', 'tur', 's'. An attacker can send malicious SQL queries to the vulnerable parameters to gain access to sensitive information.