
Explore Vulnerabilities


Explore all Exploits:

Revenue Collection System v1.0 – Remote Code Execution (RCE)

Revenue Collection System v1.0 suffers from an unauthenticated SQL injection vulnerability in step1.php, allowing remote attackers to write a malicious PHP file to disk. The resulting file can then be accessed within the /rates/admin/DBbackup directory. This script will write the malicious PHP file to disk, issue a user-defined command, then retrieve the result of that command.

Internet Download Manager v6.41 Build 3 – Remote Code Execution (RCE)

Some help files are missing in non-English versions of Internet Download Manager. Help files with the extension '.chm', prepared in the language used, are downloaded from the internet, run, and displayed to users. This download is done over HTTP, which is an insecure protocol. An attacker on the local network can spoof traffic with a MITM attack and replace the '.chm' help files with malicious '.chm' files. IDM runs '.chm' files automatically after downloading. This allows the attacker to execute code remotely. IDM also uses HTTP for checking and downloading updates. The attacker can send fake updates as if the victim has a new update to the system.

DSL-124 Wireless N300 ADSL2+ – Backup File Disclosure

The DSL-124 Wireless N300 ADSL2+ Modem Router is a versatile, high-performance router for a home or small office. With integrated ADSL2/2+, supporting download speeds up to 24 Mbps, firewall protection, Quality of Service (QoS), 802.11n wireless LAN, and four Ethernet switch ports, the Wireless N300 ADSL2+ Modem Router provides all the functions that a user needs to establish a secure and high-speed link to the Internet. After the administrator enters and a new session is created, the attacker sends a request using the POST method in her system, and in response to this request, she receives a complete backup of the router settings. This happens because of the lack of management of users and sessions in the network.

Outline V1.6.0 – Unquoted Service Path

Outline V1.6.0 is vulnerable to an unquoted service path vulnerability. This vulnerability can be exploited by an attacker to gain elevated privileges on the system. The vulnerability exists due to the OutlineService service not being properly quoted. An attacker can exploit this vulnerability by creating a malicious service with the same name as the OutlineService service and placing it in the same directory as the legitimate service. The malicious service will then be executed with elevated privileges.

Inbit Messenger v4.9.0 – Unauthenticated Remote Command Execution (RCE)

Inbit Messenger v4.9.0 is vulnerable to unauthenticated remote command execution (RCE). An attacker can send a specially crafted packet to the target server to execute arbitrary commands on the target system. The packet contains a client build number of 4601 for v4.6.0. The server responds with the build number of the target system. The attacker can then use this build number to calculate the address of the WinExec function in the IMS.EXE module. The attacker can then send a specially crafted packet containing the address of the WinExec function and the command to be executed. The command is limited to a maximum length of 0xfc64 bytes.

Ulicms-2023.1 sniffing-vicuna – Remote Code Execution (RCE)

It is possible to include a PHP file with the phar extension when uploading an image. RCE is triggered when the file is visited again. A file upload error may occur, but this does not mean that the file was not uploaded, and the file location is shown in the error.

TinyWebGallery v2.5 – Stored Cross-Site Scripting (XSS)

TinyWebGallery v2.5 is vulnerable to stored cross-site scripting (XSS). An attacker can exploit this vulnerability by logging into an account, going to http://localhost/twg25/index.php?twg_album=3_youtube.com&twg_show=Q4IPe8_Bo7c.jpg, editing the folder name section to <script>alert(4)</script>, and then going to http://localhost/twg25/index.php?twg_album=3_youtube.com.

Online Clinic Management System 2.2 – Multiple Stored Cross-Site Scripting (XSS)

Online Clinic Management System 2.2 does not sufficiently encode user-controlled inputs, resulting in a stored Cross-Site Scripting (XSS) vulnerability via /clinic/medical_records_view.php in the FirstRecord parameter (GET and POST requests), a reflected Cross-Site Scripting (XSS) vulnerability via /clinic/events_view.php in the FirstRecord parameter, and a reflected Cross-Site Scripting (XSS) vulnerability via /clinic/disease_syndromes_view.php in the FirstRecord parameter.

Recent Exploits: