MiniTool ShadowMaker 3.2 is vulnerable to an unquoted service path vulnerability. This vulnerability can be exploited by an attacker to gain elevated privileges on the system. The vulnerability exists due to the MTAgentService service not being properly quoted. An attacker can exploit this vulnerability by placing malicious files in the same directory as the MTAgentService service executable. When the service is started, the malicious files will be executed with SYSTEM privileges.
Apartment Visitors Management System 1.0 is vulnerable to authentication bypass. An attacker can bypass authentication by entering ' or '1'='1'# as the username and any value as the password.
This exploit allows an attacker to execute arbitrary code on a vulnerable GitLab 11.4.7 instance. The exploit involves creating a project with a malicious payload, which is then executed when the project is imported. The exploit requires authentication, but can be used by any user with access to the GitLab instance.
This exploit allows an attacker to upload a malicious PHP file to the vulnerable WordPress plugin Adning Advertising 1.5.5. The attacker can then execute the malicious file by accessing it directly from the server. This vulnerability is due to the lack of proper input validation and authentication checks in the plugin.
An attacker can exploit a SQL injection vulnerability in Baby Care System 1.0 by manipulating the 'roleid' parameter in the URL. By running sqlmap on the URL, an attacker can enumerate the database and extract sensitive information.
Stored XSS vulnerability exists in Sales and Inventory System for Grocery Store 1.0. An attacker can exploit this vulnerability by logging in to the application with admin credentials, clicking on 'Customer' on the left side, then clicking 'Add Customer'. The attacker can then input a malicious payload in the 'First Name' field of the 'Add Customer' form. When the attacker clicks on 'Save', the payload will be stored and will be triggered whenever the 'Customer' page is clicked. Stored XSS can also be found on the 'Product' page, where the attacker can select any product and then go to 'Action' to edit it. The attacker can then input a malicious payload in any of the fields and the XSS payload will be triggered.
A SQL Injection vulnerability exists in Online Learning Management System 1.0, which allows an attacker to inject malicious SQL queries via the 'id' parameter. By sending a specially crafted request to the 'edit_department.php' page, an attacker can use the sqlmap tool to inject malicious SQL queries and gain access to the database, leading to information disclosure.
Multiple stored XSS vulnerabilities exist in Online Learning Management System 1.0. An attacker can exploit these vulnerabilities by logging in to the application with admin credentials, navigating to the Subject, Class, Admin Users, and Department pages, and entering malicious XSS payloads in the respective fields. When the malicious payloads are saved, they will be triggered whenever the respective pages are visited.
Easy authentication bypass vulnerability on the application allows an attacker to log in as the registered user without password. Step 1: Go to http://localhost/ and register a new user or try to login as already registered user (Ubas). Step 2: On the login page, use query { Ubas' or '1'='1 } as username Step 2: On the login page, use same query { Ubas' or '1'='1 } as password All set you should be logged in as Ubas.
Class Scheduling System 1.0 is vulnerable to multiple stored XSS. An attacker can inject malicious JavaScript code in the “Person Incharge”, “Subject Code”, “Course Year” and “Student Name” fields of the application. The malicious code will be stored in the application and will be triggered whenever the respective page is visited.
Services By CQR