The exploit involves a Time-Based Blind SQL Injection vulnerability in Moodle's 'sort' parameter. By manipulating the 'sort' parameter, an attacker can extract sensitive information from the database. This exploit has been assigned the CVE-2021-36393.
The Positron Broadcast Digital Signal Processor TRA7005 is vulnerable to an authentication bypass that allows attackers to gain unauthorized access to protected areas of the application by manipulating the password management functionality. By exploiting this vulnerability, attackers can bypass Digest authentication, set a user's password to any value, or even remove it completely.
The exploit allows an attacker to bypass authentication and gain access to the Nagios XI application by manipulating SQL queries. This vulnerability has been assigned the CVE-2024-24401. By exploiting this vulnerability, an attacker can obtain sensitive information, modify data, or perform unauthorized actions.
By uploading a malicious PHP file in the Languages section of LeptonCMS 7.0.0, an authenticated attacker can execute arbitrary code on the server. This can lead to unauthorized access, data theft, or further compromise of the system. This vulnerability has not been assigned a CVE at the time of writing.
The vulnerability in GitLab CE/EE versions prior to 16.7.2 allows an attacker to perform a password reset on a user account without proper authorization. This could lead to unauthorized access to user accounts.
Craft CMS 4.0.0-RC1 through 4.4.14 allows unauthenticated remote attackers to execute arbitrary code via a crafted request. An attacker can leverage this vulnerability to extract sensitive information and potentially take control of the affected system. This vulnerability has been assigned the CVE-2023-41892.
The exploit targets minaliC 2.0.0 on Windows XP Professional Service Pack 2 and 3 (English). By sending a large amount of data via the GET method to the web server, the server crashes upon receiving and processing the request, leading to denial of service. Successful exploitation of this vulnerability allows remote attackers to disrupt the server, affecting legitimate users.
The exploit allows an attacker to remotely execute arbitrary code on Honeywell PM43 printers with firmware versions prior to P10.19.050004. By sending a crafted payload to the 'loadfile.lp?pageid=Configure' endpoint, an attacker can inject malicious commands. This vulnerability is identified as CVE-2023-3710.
FoF Pretty Mail 1.1.2 extension for Flarum is vulnerable to Local File Inclusion (LFI) as it mishandles file paths in email templates. An attacker with administrative privileges can exploit this flaw to include sensitive server files in email content, potentially leading to information disclosure.
A command injection vulnerability exists in KiTTY version 0.76.1.13 and below. By exploiting this vulnerability, a remote attacker could execute arbitrary commands on the target system. This vulnerability has been assigned CVE-2024-23749.
Services By CQR