A Broken Access Control vulnerability allows unauthorized users to access the home page and perform operations such as creating, updating, or deleting trackers without credentials.
The exploit allows an attacker to traverse the directory structure and read sensitive files such as /etc/passwd on UPS Network Management Card 4 without authentication.
The exploit targets Microsoft Windows 10.0.17763.5458 and allows privilege escalation within the kernel. By exploiting this vulnerability, an attacker could potentially gain elevated privileges on the system.
SQL injection can allow unauthorized access to sensitive data, data modification, application crashes, and unavailability, leading to financial loss and reputational damage.
The exploit involves a Time-Based Blind SQL Injection vulnerability in Moodle's 'sort' parameter. By manipulating the 'sort' parameter, an attacker can extract sensitive information from the database. This vulnerability has been assigned CVE-2021-36393.
The Positron Broadcast Digital Signal Processor TRA7005 is vulnerable to an authentication bypass that allows attackers to gain unauthorized access to protected areas of the application by manipulating the password management functionality. By exploiting this vulnerability, attackers can bypass Digest authentication, set a user's password to any value, or even remove it completely.
The exploit allows an attacker to bypass authentication and gain access to the Nagios XI application by manipulating SQL queries. This vulnerability has been assigned CVE-2024-24401. By exploiting this vulnerability, an attacker can obtain sensitive information, modify data, or perform unauthorized actions.
By uploading a malicious PHP file in the Languages section of LeptonCMS 7.0.0, an authenticated attacker can execute arbitrary code on the server. This can lead to unauthorized access, data theft, or further compromise of the system. This vulnerability has not been assigned a CVE at the time of writing.
The vulnerability in GitLab CE/EE versions prior to 16.7.2 allows an attacker to perform a password reset on a user account without proper authorization. This could lead to unauthorized access to user accounts.
Craft CMS 4.0.0-RC1 through 4.4.14 allows unauthenticated remote attackers to execute arbitrary code via a crafted request. An attacker can leverage this vulnerability to extract sensitive information and potentially take control of the affected system. This vulnerability has been assigned CVE-2023-41892.