The vulnerability allows an attacker to upload arbitrary files to the server through the WordPress theme Travelscape v1.0.3. This could lead to remote code execution and compromise of the website. This vulnerability has been assigned CVE-ID: CVE-2024-XXXX.
The exploit allows an attacker to perform local file inclusion in Jenkins version 2.441. By exploiting this vulnerability, the attacker can read arbitrary files on the target system. This vulnerability has been assigned CVE-2024-23897.
The vm2 library version <= 3.9.19 is vulnerable to a sandbox escape exploit. By executing specially crafted code, an attacker can escape the sandbox environment and execute arbitrary commands on the host system. This vulnerability has been assigned CVE-2023-37466.
MinIO before version RELEASE.2024-01-31T20-20-33Z allows privilege escalation. An attacker can exploit this vulnerability to gain unauthorized access to higher levels of privilege.
Stored Cross-Site Scripting (XSS) allows attackers to inject malicious scripts into a web application's database, which are then executed when accessed by other users. This vulnerability affects parameters in 'Add Tracker' and 'Update Tracker' requests due to lack of input sanitization.
SolarView Compact 6.00 allows remote attackers to execute arbitrary commands via a crafted HTTP request to the /downloader.php file. This vulnerability has been assigned CVE-2023-23333.
PrusaSlicer up to and including version 2.6.1 is vulnerable to arbitrary code execution when exporting g-code from a malicious 3mf project. By manipulating the 'Metadata/Slic3r_PE.config' file within the project, an attacker can insert a post-processing script that executes arbitrary code upon g-code export. This exploit has been demonstrated on both Windows and Linux platforms.
An attacker can exploit a stored Cross-Site Scripting vulnerability in Backdrop CMS 1.23.0 by inserting malicious scripts into the body of a post. By crafting a specific payload and saving the post, the attacker can execute arbitrary scripts in the context of other users' browsers.
SQL injection vulnerability in Purei CMS 1.0 allows attackers to manipulate backend SQL statements by injecting malicious code through user inputs, potentially compromising the integrity of the database or exposing sensitive information.
LaborOfficeFree software installs a MySQL instance running as SYSTEM, where the MySQL root password is calculated based on constants. The program uses a reverse algorithm to calculate the root password each time it needs to connect to MySQL as root. This vulnerability affects version 19.10, but potentially also impacts versions prior to 19.10.