Online Traffic Offense Management System contains a file upload vulnerability that allows for remote code execution against the target. This exploit requires the user to be authenticated, but a SQL injection in the login form allows the authentication controls to be bypassed. Files uploaded from "/admin/?page=user" are not validated, and the directory they are placed in allows execution of PHP code.
A stored cross-site scripting (XSS) vulnerability exists in Laundry Booking Management System 1.0. An attacker can inject malicious JavaScript code into the application by entering it into the address box or pasting it into the firstname and lastname fields. When a user visits the affected page, the malicious code will be executed in the user's browser.
The Laundry Booking Management System 1.0 application is vulnerable to SQL injection via the 'id' parameter, which was not properly checked on the edit_user.php, edit_customer.php and edit_order.php pages.
The `id` parameter is vulnerable to SQL injection. Going to `http://localhost/traffic_offense/admin/?page=drivers/manage_driver&id=4'--` will throw errors on the web page. Using sqlmap to dump the database, `sqlmap -u "http://localhost/traffic_offense/admin/?page=drivers/manage_driver&id=4" --cookie="PHPSESSIONID=83ccd78474298cd9c3ad3def1f79f2ac" -D traffic_offense_db -T users --dump`, will reveal the username and password of the users.
The content of the 'search' variable is printed on the page without being checked, leading to XSS. There is a stored XSS in '/charity/admin/maintenance/manage_topic.php' due to a failure to sanitize user input. The $id variable is used without being checked, leading to SQLi.
A buffer overflow vulnerability exists in crossfire-server 1.9.0 due to improper bounds checking of user-supplied input. The vulnerability is due to a lack of proper validation of user-supplied input before using it in a memory copy operation within the SetUp() function of the server. An attacker can exploit this vulnerability to execute arbitrary code in the context of the application.
PHP Dashboards is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
A vulnerability in Simple Image Gallery 1.0 allows an unauthenticated attacker to execute arbitrary code on the target system. This is due to the lack of authentication when uploading an avatar image, which allows an attacker to upload a malicious PHP file containing arbitrary code. This code can then be executed by accessing the malicious file via a web browser.
An authenticated user may be able to read data for which they are not authorized, tamper with or destroy data, or possibly even read/write files or execute code on the database server. All four parameters passed via POST are vulnerable: `fname` is vulnerable both to boolean-based blind and time-based blind SQLi, `oname` is vulnerable both to boolean-based blind and time-based blind SQLi, `username` is only vulnerable to time-based blind SQLi, `status` is vulnerable both to boolean-based blind and time-based blind SQLi.
The SonicWall NetExtender Windows client is vulnerable to an unquoted service path vulnerability, which allows a local attacker to gain elevated privileges in the host operating system. This vulnerability impacts SonicWall NetExtender Windows client version 10.2.300 and earlier.