Attacker can bypass login page and access the dashboard page by injecting the payload in the email and password fields.
The parameter 'doctorspecilization' in the Hospital Management System 4.0 is vulnerable to persistent and stored cross-site scripting (XSS) attacks. An attacker can inject malicious script code into the application, which will be executed whenever the vulnerable page is viewed.
The Hospital Management System 4.0 web application is vulnerable to SQL injection in multiple areas, specifically in the 'searchdata' parameter under the search feature in the doctor login.
This is an exploit for a stack overflow vulnerability in BadBlue 2.72. It allows an attacker to execute arbitrary code on the target system.
This exploit targets two vulnerabilities in FreeBSD-SA-19:15.mqueuefs and FreeBSD-SA-19:24.mqueu. It is a root exploit for FreeBSD mqueuefs vulnerabilities. The exploit involves modifying the libmap.conf file and creating temporary files during exploitation. It also utilizes specific cores and syscalls from mqueuefs.
The Joomla Component mosDirectory 2.3.2 is vulnerable to Remote File Inclusion. An attacker can exploit this vulnerability to include a remote file and execute arbitrary code on the target system.
Heatmiser Net Monitor v3.03 allows HTML Injection via the outputSetup.htm outputtitle parameter. The HTML Injection vulnerability was discovered in v3.03 version of Net Monitor from the Heatmiser manufacturer. This vulnerability is vulnerable to hardware that use this software.
It has been discovered that in the v1.09 version of Image Monitor from RICOH, HTML Injection can be run on the /web/entry/en/address/adrsSetUserWizard.cgi function. This vulnerability affected all hardware that uses the entire Image Monitor v1.09.
An HTML Injection vulnerability has been discovered on the RICOH SP 4510SF via the /web/entry/en/address/adrsSetUserWizard.cgi entryNameIn parameter.
The exploit triggers a stack overflow vulnerability in Domain Quester Pro 6.02. By pasting a specially crafted payload into the 'Domain Name Keywords' textbox, an attacker can cause the program to freeze and a bind shell to be opened on TCP port 9999, allowing for remote code execution.
Services By CQR