The exploit allows an attacker to execute arbitrary code by exploiting a buffer overflow vulnerability in KiTTY version 0.76.1.13. By sending a specially crafted payload, an attacker can trigger the overflow and potentially gain remote access to the affected system. This vulnerability has been assigned CVE-2024-25004.
The Viessmann Vitogate 300 with versions up to 2.1.3.0 is vulnerable to remote code execution. By sending a crafted request to the target device, an attacker can execute arbitrary commands on the system. This vulnerability has been assigned CVE-2023-5702 & CVE-2023-5222.
The vulnerability exists in the ofrs/admin/index.php script due to inadequate user input handling during the login process.
FoF Pretty Mail 1.1.2 extension for Flarum is vulnerable to Server-Side Template Injection (SSTI) because it does not properly handle template variables. An attacker with administrative privileges can insert malicious code into the email template, which could result in executing arbitrary code on the server.
Tourism Management System v2.0 is vulnerable to arbitrary file upload due to insufficient input sanitization. An attacker can exploit this vulnerability to upload malicious files to the server.
The Simple Backup Plugin version 2.7.10 allows an attacker to download arbitrary files from the server through a path traversal vulnerability. By manipulating the 'download_backup_file' parameter in the 'tools.php' page, an attacker can traverse directories and access sensitive files on the server.
The vulnerability of Broken Access Control allows unauthorized users to access the home page and perform operations like creating, updating, or deleting trackers without the need for credentials.
The exploit allows an attacker to traverse the directory structure and read sensitive files such as /etc/passwd on UPS Network Management Card 4 without authentication.
The exploit targets Microsoft Windows 10.0.17763.5458 and allows for a privilege escalation within the kernel. By exploiting this vulnerability, an attacker could potentially gain elevated privileges on the system.
SQL injection can allow unauthorized access to sensitive data, data modification, application crashes, and unavailability, leading to financial loss and reputational damage.
Services By CQR