The HTMLy version v2.9.6 is vulnerable to stored XSS. An attacker can inject malicious code into the 'Blog title' field, triggering a cross-site scripting attack. This could lead to unauthorized access to user sessions, defacement of the website, or theft of sensitive information.
Simple Task List version 1.0 is vulnerable to SQL Injection in the 'status' parameter of the addTask.php file. An attacker can exploit this vulnerability to execute malicious SQL queries, potentially leading to unauthorized access and extraction of sensitive data from the database.
A Stored Cross Site Scripting (XSS) vulnerability was discovered in SPA-CART CMS version 1.9.0.3. By injecting malicious code into the 'descr' parameter via a POST request, an attacker can execute arbitrary scripts in the context of a user's browser.
The vulnerability in liveSite Version 2019.1 allows an attacker to execute arbitrary code remotely. By creating a campaign with a specific payload, an attacker can view sensitive system information like the contents of '/etc/passwd'.
A critical security vulnerability in LimeSurvey Community Edition Version 5.3.32+220817 allows attackers to compromise the super-admin account through the 'Administrator email address:' field in 'General Setting.' This could result in theft of cookies and session tokens.
The Wordpress Plugin Playlist for Youtube version 1.32 is vulnerable to stored cross-site scripting (XSS) attack. By injecting a malicious XSS payload into the 'Name' or 'Playlist ID' properties when adding a new playlist, an attacker can execute arbitrary scripts in the context of a user's browser.
The exploit allows an attacker to execute remote code on the Karaf Console. By sending a crafted request, an attacker can open a reverse shell connection, giving them unauthorized access to the system. This vulnerability has been assigned the CVE identifier CVE-2023-XXXXX.
The TELSAT marKoni FM Transmitter 1.9.5 firmware contains a hidden super administrative account named 'factory' with a hardcoded password 'inokram25', providing unauthorized access to the web management interface configuration. This backdoor account is not visible in the user interface and the password cannot be changed through regular operations. By exploiting this vulnerability located in the /js_files/LogIn_local.js script file, attackers can gain full control over the device, allowing them to perform actions like unit configuration, parameter modification, EEPROM overwrite, clearing DB, and factory log modification.
Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server versions prior to 11.9.0 are vulnerable to privilege escalation. This is due to improper ACLs of the non-default installation directory. An attacker with local access could exploit this by replacing binaries in the installation directory, allowing them to execute arbitrary commands and potentially gain elevated privileges on the system.
An authenticated path traversal vulnerability was found in OpenClinic GA version 5.247.01. By manipulating the 'Page' parameter in a GET request to 'main.do', an attacker can navigate to arbitrary directories and retrieve or execute files. This can lead to unauthorized access to sensitive information or facilitate more severe attacks.
Services By CQR