A vulnerability exists in Simple Grocery Store Sales And Inventory System 1.0 which allows an attacker to bypass authentication by using the payload jyot' or 1=1# in the user and password field. This can be exploited by sending a malicious request with the payload to the ajax.php file.
rConfig 3.9.5 is vulnerable to Remote Code Execution (RCE) without authentication. An attacker can exploit this vulnerability by sending a malicious payload to the vulnerable application. The payload can be sent either by creating a new user with a malicious ulevelid parameter or by sending a malicious payload to the ajax/ajax_editFile.php page.
An attacker can bypass the login page and access the dashboard page by sending a POST request with the payload 'email=%27%3D%27%27or%27%40email.com&password=%27%3D%27%27or%27&btn_login=: undefined' to the vulnerable file '/login.php'.
Guild Wars 2 Launcher (Gw2-64.exe) suffers from an elevation of privileges vulnerability which can be used by a simple user who can replace the executable file with a binary of choice. The vulnerability exists due to improper permissions, with the 'F' flag (Full) for the 'Everyone' group, making the entire directory 'Guild Wars 2' and its files and sub-dirs world-writable.
A bug in this validation logic made it possible to change the password of any user on a running NodeBB forum by sending a specially crafted socket.io call to the server. This could lead to a privilege escalation event via an account takeover.
TimeClock Software 1.01 is vulnerable to an authenticated time-based SQL injection vulnerability. This vulnerability allows an attacker to enumerate valid usernames from the application's database. The exploit is achieved by sending a specially crafted HTTP POST request to the add_entry.php page with a malicious payload in the 'notes' parameter. If the username is valid, the application will delay its response for 5 seconds, allowing the attacker to detect the valid username.
Battle.Net Launcher (Battle.net.exe) suffers from an elevation of privileges vulnerability which can be used by a simple user who can replace the executable file with a binary of choice. The vulnerability exists due to improper permissions, with the 'F' flag (Full) for the 'Users' group, making the entire directory 'Battle.net' and its files and sub-dirs world-writable.
A SQL injection vulnerability exists in berliCRM 1.0.24. An attacker can send a specially crafted POST request to the vulnerable parameter 'src_record' to inject malicious SQL code. This can be exploited to gain access to sensitive information from the database.
The index.php file on the main login page and the index.php file on the /admin/ login page do not perform input validation on the regno and username parameters. An attacker can send malicious input in the POST request to either http://localhost/index.php or http://localhost/admin/index.php and bypass authentication, extract sensitive information, etc.
There is no CSRF protection in the Liman application. With a little help from social engineering (like sending a link via email/chat), an attacker may force the victim to click on a malicious link, with the purpose of manipulating the victim's current account information or changing the password entirely.