This exploit allows an attacker to execute arbitrary code remotely on a system running Webutler CMS v3.2. By uploading a specially crafted phar file, the attacker can trigger the execution of arbitrary PHP code, in this case, printing the contents of the /etc/passwd file. This vulnerability can be used to gain unauthorized access to sensitive information or further compromise the system.
The plugin does not validate that the event_id parameter in its eventon_ics_download ajax action is a valid Event, allowing unauthenticated visitors to access any Post (including unpublished or protected posts) content via the ics export functionality by providing the numeric id of the post.
The plugin lacks authentication and authorization in its eventon_ics_download ajax action, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id.
This exploit allows an attacker to bypass authentication on Shelly PRO 4PM devices with firmware version v0.11.0. By sending specific payloads, the attacker can gain unauthorized access to the device.
An arbitrary file upload vulnerability in Campcodes Online Matrimonial Website System Script v3.3 allows attackers to execute arbitrary code by uploading a crafted SVG file.
SQL injection attacks can allow unauthorized access to sensitive data and modification of data, and can crash the application or make it unavailable, leading to lost revenue and damage to a company's reputation.
The attacker can send the victim a link containing a malicious URL in an email or instant message and can perform a wide variety of actions, such as stealing the victim's session token or login credentials.