Stored XSS has been discovered in the Online Inventory Manager created by bigprof/AppGini. The vulnerability exists in the editgroups section where an attacker can inject malicious JavaScript code into the description field. This code will be executed when viewing the groups page. The vulnerability also exists when creating a new group.
The 'CCSrvProxy' service in TexasSoft CyberPlanet 6.4.131 has an unquoted service path vulnerability, which could allow an attacker to escalate privileges and execute arbitrary code.
The SpotAuditor 5.3.2 software is vulnerable to a denial of service attack when a specially crafted 'Key' value is provided. By supplying a large number of characters, the software crashes. This vulnerability allows an attacker to disrupt the normal functioning of the software.
This will exploit an (authenticated) blind OS command injection vulnerability present in Solstice devices running versions of the firmware prior to 2.8.4.
With GHIA CamIP you can view your cameras in real time supports conventional IPC cameras, cameras with alarm, Video intercom and other devices. The vulnerability allows an attacker to crash the application by pasting a specific content in the 'Password' field.
This exploit allows an attacker to perform a remote SQL injection attack on zBlog v1.2. By manipulating the 'page' parameter in the URL, an attacker can inject SQL commands and retrieve sensitive information from the database, such as admin credentials. The vulnerability exists in the 'categ' and 'article' parameters.
This exploit allows an attacker to create a file with a long string of characters, causing SpotAuditor to crash when attempting to decrypt the characters. The exploit is performed by running a Python script that creates a file with a long string of characters, which is then copied and pasted into the 'Base64 Encrypted Password' field in SpotAuditor. This causes the software to crash.
This exploit allows an attacker to crash the PIX for Windows tools by running a specially crafted script that creates a file with the extension '.PIXrun'. When the file is opened in the software, it causes a crash.
The exploit allows an attacker to cause a denial of service (DoS) condition on InduSoft Web Studio 8.1 SP1. By pasting a large buffer of characters into the "No Redibujar"/"Deshabilitados" field, the application crashes, rendering it unavailable. This can be achieved by running the provided Python code or manually copying the content of the provided text file into the application.
The iNetTools application for iOS version 8.20 is vulnerable to a denial of service (DoS) attack. By providing a specially crafted input in the 'Domain Name' field of the 'Whois' feature, an attacker can cause the application to crash.
Services By CQR