This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apache Shiro v1.2.4.
ChemInv suffers from a persistent cross-site scripting (XSS) vulnerability. It can be exploited to make all users of the system with read access to the project execute malicious client-side code every time they view the 'Projects' or 'Add Chemicals' tab. The application's source code mitigates SQL injection (SQLi), but fails to sanitize HTML and JavaScript injected into the SQL database.
Command injection in the inSyncCPHwnet64 RPC service. The service runs as NT AUTHORITY\SYSTEM, so we have a local privilege escalation.
There are two vulnerabilities in the Tribisur <= 2.0 script. The first vulnerability is in the 'liste.php' file, which can be exploited by passing a specially crafted parameter. The second vulnerability is in the 'cat_main.php' file, which can also be exploited by passing a specially crafted parameter. Both vulnerabilities allow an attacker to execute arbitrary SQL queries.
A successful attempt would require the local user to be able to insert their code in the system root path, undetected by the OS or other security applications, where it could potentially be executed during application startup or reboot. If successful, the local user's code would execute with the elevated privileges of the application.
This exploit allows an attacker to execute arbitrary code remotely on an Open-AudIT Professional v3.3.1 server. By injecting a payload into the configuration settings, the attacker can gain control over the server and execute commands. The vulnerability is identified by CVE-2020-8813.
The 'p' parameter in the product.php file of the Online shopping system advanced 1.0 is vulnerable to SQL Injection. An attacker can exploit this vulnerability to retrieve sensitive information from the database.
The Netis E1+ router version 1.2.32533 contains a backdoor account that allows unauthorized access with root privileges. The backdoor account can be accessed using the credentials 'root:abSQTPcIskFGc:0:0:root:/:/bin/sh'. This vulnerability allows an attacker to gain full control over the router and potentially compromise the network.
This system does not check the file extension when a user uploads a photo for the avatar, so a PHP file can be uploaded. Sample PHP code: <? phpinfo(); ?>. Sample PHP file name: tester.php. When uploading the image for the avatar, just change the file name and content.
Furukawa Electric ConsciusMAP 2.8.1 is prone to a Java deserialization vulnerability that allows remote attackers to execute arbitrary code.