The Electrolink FM/DAB/TV Transmitter devices are prone to an authentication bypass vulnerability. This issue allows remote attackers to access the devices without proper authentication, potentially leading to unauthorized control or access to sensitive information. This vulnerability has been assigned CVE-XXXXX.
The exploit allows remote attackers to execute arbitrary code without authentication in WordPress Augmented-Reality plugin. By exploiting this vulnerability, an attacker can upload malicious files and execute commands on the target system.
In 2022, a Proof of Concept (PoC) was released to bypass the detection of Backdoor:JS/Relvelshe.A in Windows Defender, which was later mitigated. However, by adding a simple JavaScript try-catch error statement and evaluating the hex string, the bypass can still be achieved.
The Canto plugin for WordPress versions up to 3.0.4 is vulnerable to Remote File Inclusion (RFI) via the 'wp_abspath' parameter. This allows unauthenticated attackers to execute arbitrary remote code on the server if allow_url_include is enabled.
CVE-2023-46453 is an authentication bypass vulnerability in GLiNet routers with firmware versions 4.x and above. By exploiting this vulnerability, an attacker can bypass authentication mechanisms and access the router's web interface. The issue arises from improper authentication checks in the /usr/sbin/gl-ngx-session file.
A Stored Cross Site Scripting (XSS) vulnerability in Petrol Pump Management Software v1.0 allows attackers to execute malicious code by injecting a crafted payload into the Address parameter in the add_invoices.php component.
An SQL injection vulnerability in WP Fastest Cache 1.2.2 allows an unauthenticated attacker to execute SQL queries on the system.
A proof-of-concept scenario showcasing a host header injection vulnerability in sisqualWFM version 7.1.319.103, particularly targeting the /sisqualIdentityServer/core endpoint. Exploiting this flaw could allow an attacker to manipulate webpage links or redirect users to malicious sites by altering the host header.
Electrolink FM/DAB/TV Transmitter devices are prone to a credentials disclosure vulnerability. Attackers can access sensitive information such as login credentials by directly visiting certain web pages like login.htm and mail.htm on the affected devices.
The vulnerability exists in ManageEngine ADManager Plus Build version less than 7183, allowing helpdesk technicians without backup/recovery privileges to view and compromise user account passwords through password spraying attacks in Active Directory.
Services By CQR