A Cross-Site Request Forgery (CSRF) vulnerability exists in FatPipe Networks WARP/IPVPN/MPVPN 10.2.2. An attacker can add an administrator account via CSRF.
XAMPP versions < 7.2.29, 7.3.x < 7.3.16 & 7.4.x < 7.4.4 are vulnerable to local privilege escalation. An attacker can exploit this vulnerability by replacing the xampp-control.ini file with a malicious payload. This will allow the attacker to gain elevated privileges on the system.
This exploit allows an attacker to inject counterfeit routers into a Cisco small business RV130W 1.0.3.44 router. The exploit uses scapy to craft a VRRPv3 packet containing the IP address of the counterfeit router, and an EIGRP packet containing the IP address of the counterfeit router. The packets are then sent to the router using the scapy sendp function. This allows the attacker to inject a counterfeit router into the router's routing table.
The Library System 1.0 application from Yahoobaba is vulnerable to SQL injection via the 'student_id' parameter on the student.php page. The 'student_id' parameter is vulnerable to SQL injection, it was also tested, and an authenticated user has the full ability to run system commands via --os-shell and fully compromise the system.
Wappointment is prone to Stored Cross Site Scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability by sending a malicious payload in the 'name' parameter of the POST request. This will allow the attacker to execute arbitrary JavaScript code in the context of the vulnerable application.
Specially crafted payload will trigger a Stack Buffer Overflow in the NT Windows "cmd.exe" commandline interpreter. Requires running an already dangerous file type like .cmd or .bat. However, when cmd.exe accepts arguments using /c /k flags which execute commands specified by string, that will also trigger the buffer overflow condition.
Pharmacy Point of Sale System v1.0 Login can be bypassed with a simple SQLi. An attacker can send a specially crafted HTTP POST request with a username and password parameter containing a SQL injection payload. This payload will bypass the authentication and allow the attacker to gain access to the system.
This file disclosure all agents id and first name and second name
The plugin add calculators for Water intake, BMI calculator, protein Intake, and Body Fat and was lacking CSRF check, allowing attackers to make logged in users perform unwanted actions, such as change the calculator headers. Due to the lack of sanitisation, this could also lead to a Stored Cross-Site Scripting issue.
WordPress Advanced Order Export For WooCommerce plugin before 3.1.8 contains an authenticated cross-site scripting vulnerability via the tab parameter in the admin panel. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Services By CQR