The exploit allows an attacker to perform an Account Takeover by manipulating the 'id' parameter in the URL of the 'Users.php?f=save' endpoint in Lost and Found Information System v1.0. By changing the 'id' parameter, an attacker can access other user accounts without proper authorization. This vulnerability has been assigned CVE-2023-38965.
The Easywall 0.3.1 software is prone to an authenticated remote command execution vulnerability. By exploiting this issue, a remote attacker who has authenticated access to the application can execute arbitrary commands on the target system. This can lead to complete compromise of the system.
Windows Defender usually prevents the execution of TrojanWin32Powessere.G, which leverages rundll32.exe. However, when multiple commas are used in the execution command, the mitigation is bypassed and the trojan executes successfully.
The exploit allows an attacker to perform SQL injection in the Enrollment System v1.0 application by manipulating the 'emc' parameter in the '/get_subject.php' URI. By injecting a crafted payload, an attacker can retrieve sensitive information from the database. This vulnerability has a CVE identifier.
WyreStorm Apollo VX20 devices before version 1.3.58 are vulnerable to an account enumeration issue where the Telnet service prompts for a password only after a valid username is entered. Attackers who can access the Telnet service can identify valid accounts, potentially leading to brute-force attacks on those accounts.
An issue in WyreStorm Apollo VX20 devices before version 1.3.58 allows remote attackers to access cleartext credentials for the SoftAP Router configuration using an HTTP GET request, leading to unauthorized disclosure of sensitive information.
A critical SQL Injection vulnerability was found in the Bank Locker Management System application, allowing an attacker to bypass authentication and gain unauthorized access to the system. By injecting 'admin' or '1'='1-- -' in the login and password fields, an attacker can access the application with administrative privileges.
The Human Resource Management System version 1.0 is vulnerable to SQL Injection through the 'employeeid' parameter. By using crafted payloads like 'employeeid=2' AND 9667=9667-- NFMg', an attacker can manipulate the SQL queries to extract sensitive information from the database. Successful exploitation allows unauthorized access to the database.
The exploit allows an attacker to remotely execute code on the vulnerable server without authentication. This vulnerability has been assigned CVE-2023-38646. An attacker can send a malicious GET request to the '/exploitable' path, leading to the execution of arbitrary code.
The Numbas software version 7.2 and below allows remote attackers to execute arbitrary code via crafted input, due to improper input validation. This vulnerability has been assigned CVE-2024-27612.