A vulnerability in Microsoft Windows PowerShell allows code execution by bypassing single quote restrictions. By using a combination of semicolon and ampersand characters, a specially crafted filename can trigger arbitrary code execution and evade PS event logging. This can lead to unauthorized file execution and potential security breaches.
The GYM Management System version 1.0 is vulnerable to stored cross-site scripting (XSS) due to insufficient validation of user-supplied data. An attacker can inject a malicious payload in the 'lname' field, leading to the execution of arbitrary JavaScript code in the context of the victim's browser. This can result in session hijacking, sensitive information theft, or other malicious actions. The vulnerability was detected by Alperen Yozgat.
The exploit allows injection of arbitrary code into a client's game through a crafted payload. The code author holds no liability for any damages caused by the usage of this exploit. By exploiting this vulnerability, an attacker can execute remote code on the target system.
The elFinder Web file manager version 2.1.53 allows remote attackers to execute arbitrary commands via uploading a crafted PHP file that leverages the system function.
Unauthenticated users can exploit the Clinic's Patient Management System version 1.0 by uploading a malicious PHP file in place of a profile picture via the /pms/users.php endpoint. This allows attackers to execute arbitrary commands on the server without requiring any authentication.
This exploit enables an attacker to establish a reverse shell connection from a system running OSGi v3.8-3.18 or earlier. The vulnerability allows unauthorized remote attackers to execute arbitrary code on the target system.
SureMDM On-premise version 6.31 and below allows an attacker to bypass CAPTCHA and enumerate users. By sending requests to the /ForgotPassword.aspx/ForgetPasswordRequest endpoint with a User ID, an attacker can check if the User ID exists without being blocked by the CAPTCHA mechanism. This vulnerability has been assigned CVE-2023-3897.
CSZ CMS Version 1.3.0 is vulnerable to remote command execution. An attacker can exploit this vulnerability to execute arbitrary commands on the target system. This vulnerability has been assigned CVE-ID: TBD.
Super Store Finder is a PHP script with a vulnerability that allows unauthenticated SQL Injection attacks. By injecting SQL commands into the USERNAME parameter in the index.php file, attackers can perform boolean-based blind, error-based, or time-based blind SQL injection.
The Lot Reservation Management System is a PHP/MySQLi project designed to assist in managing property reservations. The system allows clients to view property information and make reservations. However, it is vulnerable to an unauthenticated file disclosure issue.