The PCMan FTP Server 2.0 is vulnerable to a remote buffer overflow attack. By sending a specially crafted payload to the 'pwd' command, an attacker can exploit this vulnerability to execute arbitrary code on the target system. This vulnerability has been assigned the CVE ID CVE-2023-XXXX.
IBM i Access Client Solutions (ACS) is vulnerable to remote credential theft on Windows workstations with NT LAN Manager (NTLM) enabled. By creating UNC paths in ACS 5250 display terminal configuration files, attackers can point to a malicious server, capturing NTLM hash information when the user opens the file, leading to credential theft.
A severe vulnerability was found in WordPress Plugin Duplicator version 1.5.7.1. The flaw allows unauthorized access to sensitive data in the database and other information on the site, leading to potential brute force attacks on password hashes and complete system compromise. Exploiting this flaw poses a significant security risk.
The TP-LINK TL-WR740N router with version 3.12.11 Build 110915 Rel.40896n is vulnerable to multiple HTML injection issues. An attacker can inject malicious HTML code into the Target Description box under Access control settings, leading to potential cross-site scripting (XSS) attacks.
Electrolink FM/DAB/TV Transmitter devices with web versions 01.09, 01.08, 01.07, display versions 1.4, 1.2, and control unit versions 01.06, 01.04, 01.03 are vulnerable to a pre-authentication remote code execution flaw. An attacker can exploit this vulnerability by uploading a malicious MPFS image, leading to the execution of arbitrary code on the affected device.
The GL.iNet version 4.3.7 is vulnerable to remote code execution via the OpenVPN client. By exploiting this vulnerability, an attacker can execute arbitrary code on the target system. This vulnerability has been assigned the CVE-2023-46454.
Unauthenticated users can exploit the Zoo Management System 1.0 by accessing the /zoomanagementsystem/admin/public_html/save_animal endpoint to upload malicious PHP files instead of animal images without any authentication.
SQL injection in Academy LMS 6.2 allows unauthorized access to sensitive data, data modification, and application crash. This can result in financial losses and harm a company's reputation. An attacker can exploit 'price_min' and 'price_max' parameters in the /academy/tutor/filter path to perform SQL injection attacks.
Automatic Systems SOC FL9600 FastLine V06 device contains hardcoded login credentials for the super admin account, which cannot be changed. An attacker can exploit this vulnerability to gain sensitive information using the following credentials: Login: automaticsystems, Password: astech. This vulnerability is identified as CVE-2023-37608.
Services By CQR