The WordPress plugin Motopress Hotel Booking Lite version 4.2.4 is vulnerable to SQL injection. The flaw is in the sync-urls-repository.php file, where the room_id, sync_id, and calendar_url parameters are injectable.
A command injection vulnerability exists in the Razer Sila router. An attacker can send a malicious POST request to the router's ubus service, which allows them to execute arbitrary commands with root privileges. The attacker can send a POST request containing a JSON-RPC call with the command parameter set to the command they wish to execute.
Razer Sila is affected by a Local File Inclusion (LFI) vulnerability. An attacker can send a malicious POST request to the router's ubus service, which allows the attacker to read any file on the router. This can be used to gain access to sensitive information such as the router's password file.
An arbitrary file deletion vulnerability exists in Telesquare TLR-2855KS6. A remote attacker can send a specially crafted HTTP request to the vulnerable device to delete arbitrary files. This can be exploited to delete critical system files and cause a denial of service.
An arbitrary file creation vulnerability exists in Telesquare TLR-2855KS6. An attacker can send a specially crafted HTTP request to the vulnerable device to create a file with arbitrary content. This could allow an attacker to gain access to the device and execute malicious code.
An Insecure Direct Object Reference (IDOR) vulnerability exists in SAM SUNNY TRIPOWER 5.0 Firmware version 3.10.16.R, which allows an attacker to access unauthorized data by manipulating the username parameter in the request. This can be exploited by sending a specially crafted request with a manipulated username parameter to the vulnerable application.
MiniTool Partition Wizard is vulnerable to an unquoted service path vulnerability. This vulnerability allows an attacker to gain elevated privileges on the system by exploiting the service path of the application. The service path is not properly quoted, allowing an attacker to inject malicious code into the service path and gain elevated privileges.
binutils 2.37 is vulnerable to a segmentation fault when processing a specially crafted payload file. This can be exploited by an attacker to cause a denial of service or potentially execute arbitrary code.
Malicious PHP code is uploaded to the Apache web directory of the KRAMER VIAware. The code is then used to query the webshell, using rpm under sudo to obtain root privileges.
The application's update-password feature has a CSRF vulnerability that allows an attacker to change the password of an arbitrary user, leading to account takeover.