WebCatalog version 48.4 and earlier does not properly validate URLs before calling the Electron shell.openExternal function, enabling an attacker to execute code via arbitrary protocols when users interact with malicious URLs. This can allow security mechanisms to be bypassed in order to deliver malicious files.
The Simple Inventory Management System v1.0 is prone to SQL Injection due to user inputs ($_POST['email'] and $_POST['pwd']) being directly used in SQL queries without proper validation, allowing malicious users to manipulate the application. An attacker could inject SQL code through crafted input, potentially leading to unauthorized access.
7 Sticky Notes v1.9 is vulnerable to OS command injection. By manipulating the 'Action' field in the 'Alarms' tab, an attacker can execute arbitrary commands on the system. An attacker can set a malicious command as an alarm action, leading to the execution of the command when the alarm triggers.
Windows Defender normally detects and prevents the execution of TrojanWin32Powessere.G, which leverages rundll32.exe. By using a VBScript and ActiveX engine, attackers can bypass the detection. Running a specific command can then allow an attacker to execute arbitrary commands. This bypass involves adding arbitrary text to a parameter, such as 'shtml' or 'Lol', to evade Windows Defender detection.
The 'cid' parameter in Fundraising Script-1.0 is vulnerable to SQL injection attacks. Submitting a single quote (') as the cid parameter caused a database error message to be returned. If the database is not empty, this vulnerability could lead to unauthorized access to sensitive information such as donors' money and bank account details.
A file upload vulnerability in Petrol Pump Management Software v1.0 allows an attacker to run arbitrary code by uploading a specially crafted payload to the 'Image' parameter in the 'profile.php' component.
WhatsUp Gold 2022 (22.1.0 Build 39) is vulnerable to stored cross-site scripting (XSS) via the sysName SNMP parameter. An attacker can inject malicious scripts into the admin console by supplying a specially crafted SNMP device name, leading to code execution in the context of the admin user. This could result in data theft or unauthorized actions. The exploit involves adding a PowerShell reverse shell that connects to the attacker every 5 minutes.
The Simple Student Attendance System v1.0 is vulnerable to time-based blind and union-based SQL injection via the 'classid' parameter. An attacker can manipulate the 'classid' parameter to execute arbitrary SQL queries.
PCMan FTP Server 2.0 is vulnerable to a remote buffer overflow in the 'pwd' command. By sending a specially crafted payload, an attacker can trigger a buffer overflow, potentially leading to remote code execution. This vulnerability has a CVE ID associated with it, but the specific ID is not provided in the text.
IBM i Access Client Solutions (ACS) is vulnerable to remote credential theft when NT LAN Manager (NTLM) is enabled on Windows workstations. By creating UNC paths within ACS configuration files pointing to a malicious server, attackers can capture NTLM hash information and obtain user credentials.