The News Portal v4.0 software is vulnerable to SQL Injection. An attacker can exploit this vulnerability by injecting malicious SQL queries through the 'name' parameter in the 'news-details.php' page. This can lead to unauthorized access to the database and potentially sensitive information leakage.
The XAMPP version 8.2.4 is vulnerable to an unquoted path vulnerability. This vulnerability allows an attacker to escalate their privileges by replacing a legitimate executable file with a malicious one. By exploiting this vulnerability, an attacker can execute arbitrary code with elevated privileges.
The Game Jackal Server v5 software on Windows 10 Pro has an unquoted service path vulnerability, which allows local attackers to gain elevated privileges via a Trojan horse executable file in the %SYSTEMDRIVE% folder.
The AVG Anti-Spyware 7.5 software on Windows 10 Pro has an unquoted service path vulnerability, which allows local users to gain privileges via a crafted executable file in the %SYSTEMDRIVE% folder.
Authenticated Server-Side Request Forgery (SSRF) vulnerability exists in the Titan File video transcoding software. The application parses user supplied data in the job callback url GET parameter. Since no validation is carried out on the parameter, an attacker can specify an external domain and force the application to make an HTTP/DNS/File request to an arbitrary destination. This can be used by an external attacker for example to bypass firewalls and initiate a service, file and network enumeration on the internal network through the affected application.
An attacker can inject malicious JavaScript code through the vulnerable parameter (mc=) in the URL. This can lead to execution of arbitrary code in the victim's browser.
Silly sandbox escape. Frappe Framework uses the RestrictedPython library to restrict access to methods available for server scripts. The exploit requires the 'System Manager' role and the server config 'server_script_enabled' set to 'true'. It allows an authenticated attacker to create a new script, execute arbitrary code, and escape the sandbox.
This exploit takes advantage of an unquoted service path vulnerability in MiniTool Partition Wizard ShadowMaker v.12.7. By exploiting this vulnerability, an attacker can potentially gain elevated privileges on the target system.
Exploit to execute commands exploiting CVE-2022-22963
The Netlify CMS version 2.10.192 is vulnerable to stored cross-site scripting (XSS) attacks. An attacker can inject malicious code into the body field of a new post, which will be executed when the post is saved. This can lead to the execution of arbitrary code in the context of the user's browser, potentially allowing for further exploitation or data theft.
Services By CQR