The Gemtek WVRTM-127ACN router with firmware version 01.01.02.141 is vulnerable to an authenticated arbitrary command injection. The vulnerability allows an authenticated attacker to inject and execute arbitrary commands on the router.
The file testbox/system/runners/HTMLRunner.cfm is vulnerable to command injection and can be exploited to obtain remote code execution on the remote host.
A cross-site scripting vulnerability exists in the WordPress plugin WPForms, affecting version 1.6.3.1 and lower versions. Exploiting the vulnerability requires the attacker to be authenticated; the attacker could then hide JavaScript code without the knowledge of the site owner.
The Joomla Plugin Simple Image Gallery Extended (SIGE) version 3.5.3 is affected by multiple vulnerabilities. These vulnerabilities allow an attacker to perform various actions, such as remote code execution, information disclosure, and privilege escalation.
A persistent cross-site scripting vulnerability was discovered in Froxlor Server Management Panel v0.10.16. This vulnerability allows an attacker to inject malicious scripts into the application, which can be executed by unsuspecting users.
The Vulnerability Laboratory Core Research Team discovered a persistent XSS web vulnerability in the BuddyPress v6.2.0 plugin for WordPress.
The Vulnerability Laboratory Core Research Team discovered a persistent cross-site scripting web vulnerability in the official SugarCRM v6.5.18 web application.
The Car Rental Management System 1.0 is vulnerable to SQL Injection through the 'car_id' parameter in the booking.php file and the 'id' parameter in the index.php file. An attacker can manipulate the parameters to execute unauthorized SQL queries and potentially retrieve sensitive information from the database.
The Car Rental Management System 1.0 is vulnerable to remote code execution. By uploading a malicious PHP file through the 'img' parameter, an attacker can execute arbitrary code on the server.
PMB Gif Image does not sanitize the 'chemin' parameter, which leads to local file disclosure.