The Customer Support System 1.0 is vulnerable to stored XSS. An attacker can insert a malicious script in the "First Name" and "Last Name" fields of the user profile, which will be triggered when the user logs in with valid credentials.
This exploit takes advantage of the CVE-2020-3452 vulnerability in Cisco ASA and FTD software. It allows an attacker to download various files from the target system. The tool provided in the code attempts to download files listed in the 'files' variable. It is recommended to create a separate folder for the output files to avoid confusion when attacking multiple ASA systems.
This vulnerability could permit executing code during startup or reboot with the escalated privileges.
This exploit allows an authenticated user to perform SQL injection in LibreNMS version 1.46. By exploiting this vulnerability, an attacker can retrieve data from the database.
Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the remote address of the host starting a build via 'Trigger builds remotely', resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Job/Configure permission or knowledge of the Authentication Token.
The 'ref_no' parameter in the Courier Management System 1.0 is vulnerable to SQL Injection. By manipulating the 'ref_no' parameter in the request to the '/ajax.php?action=save_branch' page, an attacker can execute arbitrary SQL queries and potentially retrieve sensitive information from the database.
This exploit allows an attacker to execute blind SQL injection attacks on a target server running PixelPost 1.7. The exploit takes advantage of a vulnerability in the software and allows the attacker to retrieve sensitive information from the database.
The Medical Center Portal Management System 1.0 is vulnerable to multiple stored XSS attacks. By injecting malicious scripts into the name and description fields of the 'Add Medical Products' page or the 'Add New Hospital | Pharmacy' page, an attacker can execute arbitrary code whenever a user views the 'Medical Products' page.
The PDF Complete version 3.5.310.2002 is vulnerable to an unquoted service path vulnerability. This vulnerability could allow an attacker to gain escalated privileges by placing a malicious executable in the path of the service.
The vulnerability laboratory core research team discovered an insufficient session validation vulnerability in the VestaCP v0.9.8-26 hosting web-application. An attacker can exploit this vulnerability to gain unauthorized access and disclose sensitive information.
Services By CQR