CoreFTP Server before 727 allows directory traversal (for file creation) by an authenticated attacker via ../ in an HTTP PUT request.
Online Railway Reservation System 1.0 is vulnerable to multiple stored cross-site scripting (XSS) attacks. An unauthenticated attacker can inject malicious JavaScript code into the 'about_us' and 'train_code' parameters of the application, which will be stored in the application's database. When a user visits the 'about_us' or 'train' page, the malicious JavaScript code will be executed in the user's browser.
An unauthenticated user can create an admin account by sending a POST request to the Users.php file with the required parameters. This allows the user to gain access to the admin panel of the Online Railway Reservation System 1.0.
A vulnerability exists in the Online Railway Reservation System 1.0, which allows an unauthenticated attacker to execute arbitrary code on the vulnerable system. This is achieved by sending a malicious POST request to the SystemSettings.php file, which contains a payload that is executed by the vulnerable system. The attacker can then view the output of the command by sending a GET request to the orrs/ directory.
SQL injection is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to it's database. Online Railway Reservation System v1.0 is vulnerable to SQL injection via the 'id' parameter on the Reservation Form. An attacker can compromise the database of the application using some automated(or manual) tools like SQLmap. Steps of reproduce: Step-1: Navigate to 'Schedule' > go to 'Book' or 'Revervation Form' page using the following URL: http://localhost/orrs/?page=reserve&sid=1 Step-2: Put the SQL Injection payloads in 'id' field. In this we used time-based blind payload: /orrs/?page=reserve&sid=1') AND (SELECT 6842 FROM (SELECT(SLEEP(5)))UsWr) AND ('WBCm'='WBCm Step-3: Now, the Server target accepted our payload and the response got delayed by 5 seconds.
There is a stored XSS in the 'Zip content' feature of the HTTP commander application. The vulnerable field is the filename of the files inside the zip. This vulnerability exists in 3.x of the HTTP commander application.
SQL injection is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database. Online Veterinary Appointment System 1.0 is vulnerable to 'Multiple' SQL injections.
The vulnerability exists due to insufficient sanitization of user-supplied input in the 'tab' parameter of the 'admin.php' script. A remote authenticated attacker can execute arbitrary HTML and script code in a browser in the context of the vulnerable website. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Gerapy prior to version 0.9.8 is vulnerable to remote code execution. This issue is patched in version 0.9.8. An attacker can exploit this vulnerability by sending a malicious payload to the application which will execute arbitrary code on the server.
TermTalk Server 3.24.0.2 is vulnerable to an unauthenticated arbitrary file read. An attacker can send a specially crafted HTTP request to the server to read any file on the system. This can be done by sending a request to the ‘/file’ endpoint with the ‘valore’ parameter set to the path of the file to be read. For example, sending a request to ‘/file?valore=../../../../WINDOWS/System32/drivers/etc/hosts’ will return the contents of the ‘hosts’ file.
Services By CQR