The RoyalTSX application version 6.0.1.1000 for macOS crashes due to a heap memory corruption issue. Specifically, the crash occurs when the SecureGatewayHost object in the RoyalTSXNativeUI processes a hostname with an array of approximately 1600 bytes and the 'Test Connection' function is activated. This results in an instant crash of the application.
Electrolink FM/DAB/TV Transmitter devices are prone to a credentials disclosure vulnerability. Attackers can exploit this issue to gain access to sensitive information such as login credentials. This vulnerability affects multiple versions of the Electrolink transmitters including Compact DAB Transmitter, Medium DAB Transmitter, High Power DAB Transmitter, Compact FM Transmitter, Modular FM Transmitter, Digital FM Transmitter, VHF TV Transmitter, and UHF TV Transmitter.
WebCatalog before version 48.8 is vulnerable to arbitrary protocol execution due to calling the Electron shell.openExternal function without proper verification of the URL, allowing an attacker to execute code through arbitrary protocols on the victim's machine by tricking users into syncing pages with malicious URLs. This could result in bypassing security measures for malicious file delivery.
The Simple Inventory Management System v1.0 is susceptible to SQL Injection. The user inputs ($_POST['email'] and $_POST['pwd']) are directly inserted into the SQL query without adequate validation or sanitization, enabling potential manipulation by malicious users. This could lead to the injection of SQL code through specially crafted input, posing a significant security risk.
7 Sticky Notes v1.9 allows OS command injection via the 'Alarms' feature. By setting an alarm with a malicious command in the 'Action' field, an attacker can execute arbitrary commands on the underlying operating system.
Windows Defender usually blocks the execution of TrojanWin32Powessere.G, but a bypass using VBScript and ActiveX engine can allow the execution of malicious commands. By adding arbitrary text as the 2nd mshtml parameter, one can bypass the detection. For example, running rundll32 vbscript:"\\..\\mshtml\\..\\PWN\\..\\mshtml,RunHTMLApplication "+String(CreateObject("Wscript.Shell").Run("calc.exe"),0) can execute commands despite Windows Defender protection.
The 'cid' parameter in Fundraising Script-1.0 is vulnerable to SQL injection attacks. By injecting a payload like 'mysql' into the 'cid' parameter, an attacker can potentially manipulate the database and access sensitive information. This could lead to unauthorized access to donor information and bank accounts.
A file upload vulnerability in Petrol Pump Management Software v1.0 allows an attacker to run malicious code by uploading a specifically crafted payload to the email Image parameter in the profile.php component.
WhatsUp Gold 2022 (v.22.1.0 Build 39) is susceptible to a stored cross-site scripting (XSS) attack via the sysName SNMP parameter. An attacker can insert malicious scripts into the admin console by manipulating the SNMP device name. Once saved, the injected code executes in the admin user's context, potentially leading to data theft or unauthorized activities. This exploit can create a Powershell reverse shell connecting to the attacker at intervals.
The Simple Student Attendance System v1.0 is vulnerable to SQL Injection through the 'classid' parameter. An attacker can exploit this vulnerability using time-based blind and union-based techniques to manipulate the database.
Services By CQR
