Explore Vulnerabilities

Explore all Exploits:

Karaf v4.4.3 Console Remote Code Execution

The exploit allows an attacker to execute code remotely on the Karaf Console. By sending a crafted request, an attacker can open a reverse shell connection, giving them unauthorized access to the system. This vulnerability has been assigned the CVE identifier CVE-2023-XXXXX.

Dell Security Management Server Privilege Escalation

Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server versions prior to 11.9.0 are vulnerable to privilege escalation. This is due to improper ACLs of the non-default installation directory. An attacker with local access could exploit this by replacing binaries in the installation directory, allowing them to execute arbitrary commands and potentially gain elevated privileges on the system.

OpenClinic GA 5.247.01 – Path Traversal Vulnerability (Authenticated)

An authenticated path traversal vulnerability was found in OpenClinic GA version 5.247.01. By manipulating the 'Page' parameter in a GET request to 'main.do', an attacker can navigate to arbitrary directories and retrieve or execute files. This can lead to unauthorized access to sensitive information or facilitate more severe attacks.

Gibbon LMS v26.0.00 – PHP Deserialization Vulnerability

Gibbon LMS v26.0.00 is vulnerable to PHP deserialization due to improper input validation. An attacker can exploit this vulnerability to execute arbitrary code on the target system. This vulnerability has been assigned CVE-2024-24725.

Stock Management System v1.0 – Unauthenticated SQL Injection

The Stock Management System web application version 1.0 is vulnerable to an unauthenticated SQL Injection attack. This vulnerability allows remote attackers to extract sensitive information from the SQL database using an Error-Based Injection technique.

MobileShop master v1.0 – SQL Injection Vulnerability

The MobileShop-master application is vulnerable to SQL Injection through the 'id' parameter in '/MobileShop-master/Details.php'. By exploiting this vulnerability, attackers can gain unauthorized access, manipulate data, and potentially exploit other database vulnerabilities. Prompt action is necessary to mitigate the risk and protect the application and its data.

Employee Management System 1.0 – ‘admin_id’ SQL Injection

SQL Injection vulnerability in Employee Management System version 1.0 allows attackers to execute arbitrary SQL commands through the admin_id parameter in update-admin.php. An attacker can manipulate the admin_id parameter to inject malicious SQL queries, leading to unauthorized access or data manipulation.

Ruijie Switch PSG-5124 26293 Remote Code Execution (RCE)

The exploit allows remote attackers to execute arbitrary code on Ruijie Switch PSG-5124 version 26293. By sending a malicious request to the target IP and port, an attacker can trigger the vulnerability and run commands on the device.

Daily Habit Tracker 1.0 – SQL Injection

SQL injection is a type of security vulnerability that allows attackers to manipulate the database queries of an application. By inserting SQL queries through input data, attackers can access sensitive information, modify data, perform administrative tasks, retrieve files, and in some cases, execute commands on the operating system.

Recent Exploits: