This module exploits an unauthenticated command execution vulnerability in TerraMaster TOS. The 'Event' parameter in 'include/makecvs.php' contains a vulnerability: 'filename' executes a command on the system during '.csv' creation. A session in the application is not required for this, so an unauthenticated user can execute the command on the system.
Fifteen WordPress themes use a version of epsilon-framework that is vulnerable to a critical unauthenticated function injection vulnerability, due to the lack of capability and CSRF nonce checks in AJAX actions.
This exploit takes advantage of a buffer overflow vulnerability in 10-Strike Network Inventory Explorer Pro version 9.05. By sending a specially crafted payload, an attacker can cause a buffer overflow and potentially execute arbitrary code.
Remote buffer overflow in Digital Data Communications RtspVaPgCtrl Class (RtspVapgDecoder.dll 1.1.0.29) allows remote attackers to execute arbitrary code via a crafted website.
This module exploits an arbitrary command execution vulnerability in Webmin 1.962 and lower versions. Any user authorized to the "Package Updates" module can execute arbitrary commands with root privileges. The vulnerability emerged by circumventing the measure taken for CVE-2019-12840. The s/(-)|(.)/string/g; escape is not enough for prevention. Because the package name variable is placed directly in the system command, we can manipulate it using some escape characters that HTTP supports. For example, we can escape the control by dropping the command line down one line. We can do this with the "%0A" and "%0C" URL-encoded row values. Also, for the payload to work correctly, we must add a double ampersand (&&) to the end of the payload (%26%26).
This exploit allows an attacker to execute arbitrary script code in the Point of Sale System 1.0 application. The vulnerability can be triggered by injecting a malicious script in various fields of the application, including the Suppliers, Customers, and Products pages. When the injected script is executed, it can lead to unauthorized access, data theft, or other malicious activities.
The Alumni Management System 1.0 is vulnerable to SQL Injection. By manipulating the 'id' parameter in the 'view' or 'edit' event page, an attacker can inject malicious SQL queries, leading to information disclosure.
The Alumni Management System 1.0 is vulnerable to a stored XSS attack in the "Course Form" field. By injecting the payload "<script>alert("course")</script>" as the name of a new course, an attacker can trigger the XSS payload, which will be executed whenever the "Course List" page is accessed.
The Interview Management System 1.0 is vulnerable to SQL Injection through the 'id' parameter. An attacker can exploit this vulnerability to perform various attacks such as information disclosure of all database contents.
The application is vulnerable to SQL Injection in the 'id' parameter. By manipulating the 'id' parameter in the URL, an attacker can execute arbitrary SQL queries and potentially gain unauthorized access to the database.