The Blood Donor Management System v2.2 is vulnerable to stored XSS. By modifying certain input fields like 'Adress', 'Email id', or 'Contact Number' with a crafted payload, an attacker can trigger XSS when the affected page is loaded.
The WordPress Plugin Admin Bar & Dashboard Access Control version 1.2.8 is vulnerable to stored cross-site scripting (XSS) due to improper input validation in the 'Dashboard Redirect' field. An attacker can store malicious scripts in this field, leading to the execution of arbitrary JavaScript code when triggered.
The exploit allows an attacker to perform a blind SQL injection attack on JFrog Artifactory versions prior to 7.25.4. By sending crafted requests to the '/ui/api/v1/global-search/bundles/received' endpoint, an attacker can extract sensitive information from the database. This vulnerability is identified as CVE-2021-3860.
SQL injection attacks can lead to unauthorized access to sensitive data, data modification, application crashes, and service unavailability, resulting in financial losses and reputation damage.
The WordPress plugin Neon Text, version 1.1 and above, is prone to a stored cross-site scripting (XSS) vulnerability through the neontext_box shortcode, allowing attackers to execute malicious scripts.
The Proxmox Virtual Environment (VE) is vulnerable to a Time-based One-Time Password (TOTP) brute force attack. By repeatedly guessing TOTP codes, an attacker can gain unauthorized access to the system. This vulnerability has been assigned CVE-2023-43320.
The exploit allows an attacker to bypass identity verification in VMware Cloud Director version 10.5. By exploiting this vulnerability (CVE-2023-34060), an attacker can execute unauthorized commands on the target device.
The exploit allows remote attackers to execute arbitrary code on the target system without authentication. The vulnerability is due to improper input validation in the WordPress Seotheme. The exploit code provided in the script allows attackers to upload a web shell and gain control over the target system.
The Lot Reservation Management System allows unauthenticated users to upload files, which can lead to remote code execution. By exploiting this vulnerability, an attacker can upload malicious files containing code that can be executed on the server, potentially leading to unauthorized access, data theft, or further compromise of the system.
The R Radio Network FM Transmitter 1.07 system.cgi endpoint has an improper access control issue that allows unauthenticated users to access and view the clear-text password of the admin user, enabling them to bypass authentication and access FM station setup.