The vulnerability exists due to insufficient validation of user-supplied input in the 'file' parameter of the 'admin-ajax.php' script. A remote attacker can send a specially crafted request to the vulnerable script and execute arbitrary code on the target system. Successful exploitation of this vulnerability may result in unauthorized access to sensitive information.
An arbitrary file upload vulnerability exists in Phone Shop Sales Managements System 1.0. An attacker can upload a malicious file to the server and execute arbitrary code. This can be exploited by sending a specially crafted HTTP POST request with a malicious file to the vulnerable application.
An authentication bypass vulnerability exists in Phone Shop Sales Managements System 1.0 due to improper sanitization of user-supplied input. An attacker can exploit this vulnerability to bypass authentication and gain access to the application.
An attacker can perform a system-level (root) local privilege escalation by abusing an unsafe Sudo configuration. The entry lists two commands: first 'sudo mount -o bind /bin/sh /bin/mount', then 'sudo mount -o remount,rw /'.
An unauthenticated attacker can send a malicious request to the /pages/save_user.php page and upload a malicious file such as a shell.php file. The attacker can then access the shell.php file and execute arbitrary commands.
An unauthenticated remote code execution vulnerability exists in Billing System Project 1.0. An attacker can exploit this vulnerability by sending a maliciously crafted request to the vulnerable application. This can allow the attacker to execute arbitrary code on the vulnerable system.
Any user can read files from the server without authentication due to an existing LFI in the following path: http://target//cgi-bin/show?page=FilePath. The exploit can be used by passing the URL and the file path as arguments to the script.
NETGEAR DGN2200v1 Unauthenticated Remote Command Execution is a vulnerability that allows an attacker to execute arbitrary commands on the target system without authentication. This vulnerability affects all versions of the DGN2200v1 prior to v1.0.0.60. It is estimated that around 7-10 other models might be or might have been vulnerable in the past. The exploit script only works on UNIX-based systems.
Visual Tools DVR VX16 4.2.28.0 could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device.
PerfexCRM version 1.10 is vulnerable to stored cross-site scripting (XSS) in the 'State' field. An attacker can inject malicious JavaScript code into the 'State' field of the 'Clients' profile page. The malicious code will be executed when the victim visits the 'Clients' profile page.