The vulnerability in Moodle version 4.3 allows an authenticated user to access different user details, email addresses, country, city/town, city, and timezone by manipulating the 'id' parameter in URLs like profile.php?id=11. By changing the 'id' value to another number, the attacker can view information of other users on the platform.
The vulnerability exists in Sitecore version 8.2 and affects all Experience Platform topologies (XM, XP, XC) from 9.0 Initial Release to 10.3 Initial Release. An attacker can exploit this vulnerability to execute arbitrary code remotely. CVE-2023-35813 has been assigned to this vulnerability.
The exploit allows an attacker to read arbitrary files on the target system. This affects Adobe ColdFusion versions 2018,15 and earlier, as well as 2021,5 and earlier. It exploits CVE-2023-26360.
The Petrol Pump Management Software version 1.0 is vulnerable to SQL Injection, allowing an attacker to execute malicious code by manipulating the email address parameter in the index.php component.
The FAQ Management System v1.0 is vulnerable to SQL injection due to unsanitized user input ($_GET['faq']) directly used in an SQL query. An attacker can exploit this by manipulating the 'faq' parameter to inject malicious SQL code, potentially causing unauthorized database operations.
The exploit involves a buffer overflow vulnerability in XAMPP v3.3.0 that can be triggered by running a specific Python script, resulting in the creation of a malicious 'xampp-control.ini' file. By opening the application and clicking on the 'admin' button in front of the Apache service, an attacker can achieve remote code execution.
Electrolink FM/DAB/TV Transmitter products are prone to an Authentication Bypass vulnerability. Attackers can bypass authentication mechanisms by manipulating login cookies, gaining unauthorized access to the transmitter systems. This issue affects various versions of the transmitters, including Compact DAB Transmitters, Medium DAB Transmitters, High Power DAB Transmitters, Compact FM Transmitters, Modular FM Transmitters, Digital FM Transmitters, VHF TV Transmitters, and UHF TV Transmitters.
The Equipment Rental Script-1.0 is vulnerable to SQL injection in the package_id parameter. By injecting a payload such as 'mysql', an attacker can manipulate the database and potentially retrieve sensitive information. An error message was triggered when the payload was injected, indicating the presence of a SQL injection vulnerability.
Rail Pass Management System's download-pass.php page is vulnerable to a time-based SQL injection through the searchdata parameter in the search function.
A buffer overflow vulnerability in TP-Link TL-WR740 router allows attackers to crash the web server by sending a specially crafted request, requiring a physical reboot to restore functionality.
Services By CQR