The C program contains a buffer overflow vulnerability due to improper input validation. By sending a specially crafted input, an attacker can overwrite the buffer boundaries and inject malicious code. This can lead to arbitrary code execution and potentially compromise the system. This vulnerability can be identified as CVE-2021-12345.
A Stored Cross-Site Scripting (XSS) vulnerability exists in WordPress File Upload plugin version 4.23.3 and prior. By inserting a malicious shortcode in a post, an attacker can trigger an XSS attack when a file is uploaded, leading to potential script execution in the victim's browser. This vulnerability has been assigned CVE-2023-4811.
The exploit targets CVE-2023-49294 in Asterisk AMI, enabling authenticated users to enumerate filesystems, discover existing file paths, and disclose partial file contents. The disclosed files need to comply with the Asterisk configuration format, similar to INI configuration. The vulnerability can be utilized for unauthorized access to sensitive information.
An authenticated SQL injection vulnerability was found in CSZCMS v1.3.0. By manipulating the 'View' button next to a username in the Member Users section, an attacker can inject malicious SQL code using the 'sleep' function. This could lead to unauthorized access to the database or execution of arbitrary SQL queries.
The Alemha Watermarker Wordpress Plugin version 1.3.1 is vulnerable to Stored Cross-Site Scripting (XSS) due to insufficient sanitization of user-supplied data in the 'watermark_title' field. An attacker can insert malicious scripts in the Watermark Text field, which will execute whenever a user attempts to edit the page.
The GL-iNet MT6000 4.5.5 device is vulnerable to an arbitrary file download exploit. By exploiting this vulnerability, an attacker can download sensitive information such as credentials and registered Device ID. This vulnerability has been assigned CVE-2024-27356.
Casdoor version 1.331.0 and below is vulnerable to a CSRF attack in the '/api/set-password' endpoint. This allows an attacker to change a victim user's password by sending a specially crafted URL.
The 'bid' parameter in /delete.php of Code-Projects Blood Bank V1.0 is vulnerable to Out-of-Band SQL Injection. Attackers can exploit this by using Burp Collaborator to execute OOB SQL injection attacks, potentially gaining access to sensitive data.
The Gibbon LMS v26.0.00 is vulnerable to Server-Side Template Injection (SSTI) due to improper handling of user-supplied input in the login.php file. An attacker can exploit this vulnerability to execute arbitrary code on the server, leading to remote code execution.
The GUnet OpenEclass E-learning platform version 3.15 allows unrestricted file upload through the 'certbadge.php' file, which can be exploited by an attacker to upload malicious files. This vulnerability has been assigned the CVE-2024-31777.
Services By CQR