Gibbon LMS v26.0.00 is vulnerable to PHP deserialization due to improper input validation. An attacker can exploit this vulnerability to execute arbitrary code on the target system. This vulnerability has been assigned CVE-2024-24725.
The Stock Management System web application version 1.0 is vulnerable to an unauthenticated SQL Injection attack. This vulnerability allows remote attackers to extract sensitive information from the SQL database using an Error-Based Injection technique.
The MobileShop-master application is vulnerable to SQL Injection through the 'id' parameter in '/MobileShop-master/Details.php'. By exploiting this vulnerability, attackers can gain unauthorized access, manipulate data, and potentially exploit other database vulnerabilities. Prompt action is necessary to mitigate the risk and protect the application and its data.
SQL Injection vulnerability in Employee Management System version 1.0 allows attackers to execute arbitrary SQL commands through the admin_id parameter in update-admin.php. An attacker can manipulate the admin_id parameter to inject malicious SQL queries, leading to unauthorized access or data manipulation.
The exploit allows remote attackers to execute arbitrary code on Ruijie Switch PSG-5124 version 26293. By sending a malicious request to the target IP and port, an attacker can trigger the vulnerability and run commands on the device.
SQL injection is a type of security vulnerability that allows attackers to manipulate the database queries of an application. By inserting SQL queries through input data, attackers can access sensitive information, modify data, perform administrative tasks, retrieve files, and in some cases, execute commands on the operating system.
Petrol Pump Management Software v1.0 is vulnerable to Remote Code Execution (RCE) due to a file upload flaw. An attacker can upload a malicious payload to the logo Photos parameter in the web_crud.php component, allowing them to execute arbitrary code on the server. By exploiting this vulnerability, an attacker can potentially take full control of the application.
Windows Defender fails to detect and prevent execution of TrojanWin32Powessere.G when leveraging rundll32.exe, leading to an 'Access is denied' error. The bypass was first disclosed in 2022 by passing an extra path traversal with mshtml, which was later mitigated. Subsequently, on Feb 7, 2024, using multiple commas as part of the path allowed bypassing the mitigation until it was fixed. Another trivial bypass was discovered soon after.
The Workout Journal App version 1.0 is vulnerable to stored XSS. By registering with malicious XSS payloads in the First and Last name fields during registration, an attacker can execute arbitrary scripts. This vulnerability arises due to lack of data validation, allowing the browser to execute injected code.
The JetBrains TeamCity version 2023.05.3 is vulnerable to remote code execution (RCE) before version 2023.05.4. An attacker can exploit this vulnerability to create a TeamCity admin account. CVE-2023-42793 has been assigned to this vulnerability.
Services By CQR