All of the print and preview pages of EasyService Billing 1.0 have the same vulnerabilities. An attacker can use any of these parameters to inject SQL or XSS payloads.
Non-authorized users can perform the attack in the editing area. The SQL Injection payloads include boolean-based blind, error-based, AND/OR time-based blind and UNION query. The Cross-Site Scripting payload includes a malicious script.
NewsBee CMS 1.4 is vulnerable to SQL Injection through the 'id' and 't' parameters of the 'download.php' file. The vulnerability can be exploited using boolean-based blind, error-based, AND/OR time-based blind and UNION query techniques, and can lead to the compromise of the application and the underlying system.
Feedy RSS News Ticker 2.0 is vulnerable to SQL Injection. The vulnerability exists in the 'cat' parameter of the 'category.php' page. An attacker can exploit this vulnerability to execute arbitrary SQL commands in the backend database. The vulnerability can be exploited using boolean-based blind and AND/OR time-based blind SQL injection techniques.
Auto car 1.2 is vulnerable to SQL Injection and Cross-Site Scripting. An attacker can exploit this vulnerability by sending a malicious payload to the 'car_title' parameter in the search-cars page. This payload will execute an XPATH query and return the username of the database. An attacker can also exploit the Cross-Site Scripting vulnerability by creating an account and sending a malicious payload in the 'name' parameter of the edit profile page. This will execute a JavaScript alert box in the page.
This exploit leads to unsigned code execution with kernel privileges. KVA Shadowing should be disabled and the relevant security update should be uninstalled. This may not work with certain hypervisors (like VMware), which discard the pending #DB after INT3.
A Speculative Execution Side-Channel Vulnerability exploits the speculative execution process of modern processors, which improves performance by predicting which instructions will be executed and pre-executing them. An attacker can exploit this process to access sensitive data from the processor’s memory, such as passwords, encryption keys, and other confidential information.
The JavascriptNativeFloatArray::SetItem function does not check the double value given as the parameter. If that value equals JavascriptNativeFloatArray::MissingItem, the function converts the float array to a var array. This can lead to type confusion.
This exploit is for Siemens SIMATIC S7-1500 CPU, all versions before V1.6. It allows a remote attacker to send a malicious string to the vulnerable TCP port 102, which will cause a denial of service. The malicious string is 'some evil string '.
ERPnext v11.x.x-develop is vulnerable to several kinds of XSS, including Stored, Reflected, Cookie, and possibly more. The vulnerability can be exploited by entering a malicious payload such as '><script>alert(1)</script>' into the 'Comment' field of the 'Form/Asset Repair/ARLOG-000015' page.