addressbook 9.0.0.1 is vulnerable to time-based blind SQL injection. The vulnerability allows an attacker to manipulate the 'id' parameter in the URL to execute arbitrary SQL queries.
This exploit allows an attacker to execute arbitrary code on a system running Frigate 3.36. By generating a specially crafted 'test.txt' file and copying its contents to the clipboard, an attacker can trigger a buffer overflow when pasting the contents into Frigate3's 'Find Computer' feature. This results in the execution of the Windows calculator application.
A successful attempt would require the local user to be able to insert their code in the system root path undetected by the OS or other security applications where it could potentially be executed during application startup or reboot. If successful, the local user's code would execute with the elevated privileges of the application.
This vulnerability allows an attacker to inject malicious script into a vulnerable parameter named 'name' in the osTicket application, which can lead to the execution of arbitrary code in the context of the user's browser. By exploiting this vulnerability, an attacker can obtain the cookie information of the target user.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apache Shiro v1.2.4.
ChemInv suffers from a persistent cross-site scripting vulnerability(XSS). This vulnerability can be exploited to have all users of the system, with read access to the project, execute malicious client-side code; every time the users views the 'Projects' or 'Add Chemicals' tab. The application's source code mitigates SQL injection (SQLi), but fails to sanitize HTML and JavaScript injections to the SQL database.
Command injection in inSyncCPHwnet64 RPC service. Runs as nt authoritysystem, so we have a local privilege escalation.
There are two vulnerabilities in the Tribisur <= 2.0 script. The first vulnerability is in the 'liste.php' file, which can be exploited by passing a specially crafted parameter. The second vulnerability is in the 'cat_main.php' file, which can also be exploited by passing a specially crafted parameter. Both vulnerabilities allow an attacker to execute arbitrary SQL queries.
A successful attempt would require the local user to be able to insert their code in the system root path undetected by the OS or other security applications where it could potentially be executed during application startup or reboot. If successful, the local user's code would execute with the elevated privileges of the application.
This exploit allows an attacker to execute arbitrary code remotely on an Open-AudIT Professional v3.3.1 server. By injecting a payload into the configuration settings, the attacker can gain control over the server and execute commands. The vulnerability is identified by CVE-2020-8813.