The vulnerability in ManageEngine ADManager Plus Build < 7183 allows helpdesk technicians without backup/recovery privileges to view passwords of restored user accounts. This could lead to compromise of user accounts through password spraying attacks in the Active Directory environment. By configuring restore and recycle options in the Recovery Settings, deleted user accounts can be restored with a defined password.
An attacker can store malicious script into the 'Adress', 'Email id', or 'Contact Number' fields in the /admin/update-contactinfo.php page. When a user accesses the http://bbdms.local/inedx.php page, the stored XSS payload gets executed, triggering the XSS attack.
An attacker can inject malicious scripts into the 'Dashboard Redirect' field of WordPress Plugin Admin Bar & Dashboard Access Control version 1.2.8. When a user triggers the stored payload, the injected JavaScript executes, leading to a successful XSS attack.
SQL injection allows unauthorized access to data, data modification, and application crashing, which can result in financial losses and reputational damage. The vulnerability exists in the 'project', 'status', 'user_id', 'sort', and 'search' GET parameters in the /home/get_tasks_list path of taskhub 2.8.7.
The Neon Text plugin for WordPress versions 1.1 and below is prone to Stored Cross-Site Scripting vulnerability through the neontext_box shortcode.
The Proxmox VE TOTP Brute Force exploit allows an attacker to perform a brute force attack on the Time-based One-Time Password (TOTP) mechanism used in Proxmox VE. By continuously guessing TOTP codes, an attacker can potentially gain unauthorized access to the system. This vulnerability has been assigned the CVE ID CVE-2023-43320.
The exploit allows an attacker to bypass identity verification in VMware Cloud Director version 10.5. By exploiting the vulnerability (CVE-2023-34060), the attacker can execute commands on the target device using hardcoded credentials.
The exploit allows remote attackers to execute arbitrary code on a target system by uploading a malicious PHP file. This vulnerability affects WordPress Seotheme. CVE details are not available.
Lot Reservation Management System allows unauthenticated users to upload files, leading to remote code execution. This could potentially result in unauthorized access to the system and sensitive information.
The R Radio FM Transmitter version 1.07 is vulnerable to an improper access control issue that allows unauthenticated users to access the system.cgi endpoint and reveal the plaintext password of the admin user, facilitating authentication bypass and unauthorized access to FM station setup.
Services By CQR