Explore Vulnerabilities

Explore all Exploits:

LayerBB 1.1.4 – ‘search_query’ SQL Injection

LayerBB 1.1.4 is vulnerable to a SQL injection vulnerability in the 'search_query' parameter. An attacker can send a specially crafted payload to the search.php page to exploit this vulnerability. The payload sent in the POST request is 'search_query=Lffd') AND 8460=(SELECT (CASE WHEN (8460=8460) THEN 8460 ELSE (SELECT 1560 UNION SELECT 2122) END))-- -&search_submit=Search'

Softros LAN Messenger 9.6.4 – ‘SoftrosSpellChecker’ Unquoted Service Path

Softros LAN Messenger 9.6.4 is vulnerable to an unquoted service path vulnerability, which an attacker can exploit to gain elevated privileges on the system. The vulnerability exists because the path of the SoftrosSpellChecker service is not properly quoted. An attacker can exploit this vulnerability by creating a malicious executable with the same name as the service and placing it in the same directory as the service. When the service is started, the malicious executable will be executed with SYSTEM privileges.

python jsonpickle 2.0.0 – Remote Code Execution

If malicious data is deserialized, it will execute arbitrary Python commands. It is also possible to make system() calls. The vulnerability exists from the first version till the current version for backward compatibility. The payload was found during research made on deserialization functions. The pattern should be: {..{"py/repr":<the module to import>/<the command to be executed.>}..}

Batflat CMS 1.3.6 – ‘multiple’ Stored XSS

Multiple stored cross-site scripting (XSS) vulnerabilities in Batflat CMS 1.3.6. Log in with an editor account with rights to Navigation, Galleries, Snippets. Navigation - Add link payload: '><img src=x onerror=alert(document.cookie)>. Galleries - Add gallery payload: mlem"><svg/onload=alert(1)>. Snippets - Add Snippets payload: mlem"><svg/onload=alert("TuongNC")>.

Beauty Parlour Management System 1.0 – ‘sername’ SQL Injection

The vulnerability exists in Beauty Parlour Management System 1.0, where the 'sername' parameter is vulnerable to SQL injection. An attacker can exploit this vulnerability by sending a malicious payload to the 'sername' parameter. This can be done by sending a POST request to the edit-services.php page with the malicious payload in the 'sername' parameter. The attacker can then use sqlmap to exploit the vulnerability and gain access to the database.

OpenText Content Server 20.3 – ‘multiple’ Stored Cross-Site Scripting

A user with permissions to create new document versions could create a malicious stored cross-site scripting payload. The description value would be reflected by the server without proper sanitization resulting in a stored XSS vulnerability.

dataSIMS Avionics ARINC 664-1 – Local Buffer Overflow (PoC)

A buffer overflow vulnerability exists in dataSIMS Avionics ARINC 664-1 software version 4.5.3. The vulnerability is caused due to a boundary error when handling user-supplied input, specifically when handling a specially crafted MIL-STD-1553 or ARINC 429 testing effort. This can be exploited to cause a stack-based buffer overflow by sending a specially crafted request to the vulnerable application. Successful exploitation could allow attackers to execute arbitrary code in the context of the application.

Comment System 1.0 – ‘multiple’ Stored Cross-Site Scripting

Comment System 1.0 is vulnerable to Stored Cross-Site Scripting (XSS) attacks. An attacker can inject malicious JavaScript code into the 'Your Name' and 'Comment' fields of the comment form. When a user visits the page, the malicious code will be executed in the user's browser.

Recent Exploits: