Explore Vulnerabilities

Explore all Exploits:

Electrolink FM/DAB/TV Transmitter Credentials Disclosure

Electrolink FM/DAB/TV Transmitter devices are prone to a credentials disclosure vulnerability. Attackers can exploit this issue to gain unauthorized access to sensitive information such as login credentials. This vulnerability affects various versions of Electrolink transmitters including Compact DAB Transmitter, Medium DAB Transmitter, High Power DAB Transmitter, Compact FM Transmitter, Modular FM Transmitter, Digital FM Transmitter, VHF TV Transmitter, and UHF TV Transmitter.

ManageEngine ADManager Plus Build < 7183 - Recovery Password Disclosure

The vulnerability in ManageEngine ADManager Plus Build < 7183 allows helpdesk technicians without backup/recovery privileges to view passwords of restored user accounts. This could lead to compromise of user accounts through password spraying attacks in the Active Directory environment. By configuring restore and recycle options in the Recovery Settings, deleted user accounts can be restored with a defined password.

Blood Bank & Donor Management System v2.2 Stored XSS Vulnerability

An attacker can store a malicious script in the 'Adress', 'Email id', or 'Contact Number' fields on the /admin/update-contactinfo.php page. When a user accesses the http://bbdms.local/inedx.php page, the stored XSS payload executes, triggering the XSS attack.

WordPress Plugin Admin Bar & Dashboard Access Control 1.2.8 Stored Cross-Site Scripting (XSS)

An attacker can inject malicious scripts into the 'Dashboard Redirect' field of WordPress Plugin Admin Bar & Dashboard Access Control version 1.2.8. When a user triggers the stored payload, the injected JavaScript executes, leading to a successful XSS attack.

taskhub 2.8.7 – SQL Injection

SQL injection allows unauthorized access to data, data modification, and application crashing, which can result in financial losses and reputational damage. The vulnerability exists in the 'project', 'status', 'user_id', 'sort', and 'search' GET parameters in the /home/get_tasks_list path of taskhub 2.8.7.

Proxmox VE TOTP Brute Force

The Proxmox VE TOTP Brute Force exploit allows an attacker to perform a brute force attack on the Time-based One-Time Password (TOTP) mechanism used in Proxmox VE. By continuously guessing TOTP codes, an attacker can potentially gain unauthorized access to the system. This vulnerability has been assigned the CVE ID CVE-2023-43320.
