A denial of service vulnerability exists in VMware Workstation Pro/Player 15.x due to improper validation of user-supplied input. An attacker can exploit this vulnerability by supplying a specially crafted ISO file to the application, resulting in a denial of service condition. This vulnerability affects Windows 10 Pro and Windows 7 Pro (SP1) with VMware® Workstation 15 Pro (15.5.6 build-16341506).
Pega Platform 8.1.0 is vulnerable to Remote Code Execution (RCE). An attacker can exploit this vulnerability by using the MOGWAI LABS JMX Exploitation Toolkit and Jython to install an MBean for remote code execution and execute commands such as `id` and `ifconfig`.
The `userimage` parameter in Beauty-salon-2022 is vulnerable to web shell file upload leading to RCE. NOTE: User permissions in this system are not enforced correctly, and the edit-image function does not sanitize its input. An attacker can use an existing account belonging to someone who controls the system, upload a malicious file through this vulnerability for any account, and then execute it from anywhere on the external network.
The distribution suffers from an arbitrary file disclosure vulnerability. Using the 'file' GET parameter, attackers can disclose arbitrary files on the affected device, exposing sensitive and system information.
The application suffers from an OS command injection vulnerability. This can be exploited to execute arbitrary commands with root privileges.
The application suffers from an unauthenticated live stream disclosure when /tpl/tv_action.sh is called and generates a snapshot in /var/www/images/tv.jpg through the Simple VDR Protocol (SVDRP).
The application allows a remote attacker to change the root password of the system without authentication (disabled by default) or verification of the previously assigned credential. Command execution is also possible using several POST parameters.
The MiniDVBLinux 5.4 Simple VideoDiskRecorder Protocol SVDRP (svdrpsend.sh) exploit allows a remote attacker to send SVDRP protocol commands to manipulate and/or remotely control the TV.
A vulnerability in Fortinet products allows an attacker to bypass authentication and gain access to the system. This vulnerability affects FortiOS from 7.2.0 to 7.2.1, FortiOS from 7.0.0 to 7.0.6, FortiProxy 7.2.0, FortiProxy from 7.0.0 to 7.0.6, FortiSwitchManager 7.2.0, and FortiSwitchManager 7.0.0. An attacker can exploit this vulnerability by sending a specially crafted request to the target system. Successful exploitation of this vulnerability can result in unauthorized access to the system.
The application is vulnerable to unauthenticated configuration download when a direct object reference is made to the backup function using an HTTP GET request. This enables the attacker to disclose sensitive information, which helps her achieve authentication bypass, privilege escalation and full system access.