The GL.iNet <= 3.216 allows remote code execution via the OpenVPN client. An attacker can exploit this vulnerability by adding a malicious configuration file and client to the OpenVPN, which can lead to unauthorized access and potential compromise of the device. This vulnerability has been assigned CVE-2023-46456.
The GL.iNet <= 4.3.7 allows an authenticated attacker to write arbitrary files via a crafted POST request, leading to unauthorized access. This vulnerability has been assigned CVE-2023-46455.
This exploit leverages a broken access control vulnerability in Atlassian Confluence servers, enabling an attacker to bypass authentication. By sending a specially crafted request, an unauthorized admin account can be created on the targeted Atlassian server.
The exploit allows for the execution of arbitrary commands, enabling the opening of a reverse shell connection on systems using OSGi v3.7.2 and earlier.
Multiple SQL injection vulnerabilities were found in Customer Support System 1.0. These vulnerabilities can be exploited by authenticated attackers to run arbitrary SQL commands through the parameters department_id, customer_id, and subject.
The code snippet demonstrates a C program that establishes a socket connection to a remote device with IP address 192.168.1.10 on port 8888. It then sends a command 'id' to the device, which is executed with root privileges. This vulnerability could be exploited by an attacker to remotely execute arbitrary commands on the target device.
The exploit allows an attacker to access sensitive files like /etc/shadow on TP-Link TL-WR740N routers with firmware version 3.12.11 Build 110915 Rel.40896n. This can lead to unauthorized access and potential compromise of the device. This vulnerability has not been assigned a CVE yet.
The exploit allows an attacker to execute remote code on Elasticsearch versions 8.5.3 and OpenSearch. By sending a crafted payload within a search query, an attacker can trigger the vulnerability. This exploit is linked to CVE-2023-31419.
The 'bookid' parameter in Online Nurse Hiring System 1.0 is vulnerable to Time-Based SQL Injection. An attacker can exploit this vulnerability to manipulate the SQL query and cause delays in response.
The 'id' parameter in PHP Shopping Cart-4.2 is vulnerable to SQL injection attacks. By manipulating the 'id' parameter, an attacker can easily retrieve sensitive information from the database of the web application.
Services By CQR