An authentication bypass vulnerability exists in Stock Management System 1.0 due to improper validation of user-supplied input. An attacker can send a malicious POST request to the application with a crafted payload in the 'email' parameter to bypass authentication and gain access to the application.
This is a proof-of-concept exploit that can be used to cause a denial of service on ACTi NVR3 Standard or Professional Server 3.0.12.42. The exploit sends a specially crafted HTTP request whose authentication header contains a large number of null bytes, which causes the server to crash.
Daily Expenses Management System 1.0 is vulnerable to SQL injection due to a lack of proper input validation on the application side. An attacker can exploit this vulnerability by sending a specially crafted payload containing malicious SQL queries to the application, bypassing the authentication process and gaining access to the application.
A buffer overflow vulnerability exists in Mocha Telnet Lite for iOS 4.2 when a maliciously crafted 'User' value is sent to the application. An attacker can leverage this vulnerability to cause a denial of service condition.
A vulnerability in Pi-hole 4.3.2 allows an authenticated user to execute arbitrary code on the target system due to a lack of proper input validation in the log.php script. An attacker can send a specially crafted request to the log.php script to execute arbitrary code on the target system.
BacklinkSpeed 2.4 is vulnerable to a buffer overflow when a maliciously crafted payload is imported, which can lead to arbitrary code execution. The exploit creates a text file named payload.txt containing a 5000-byte payload followed by an nSEH and an SEH value. When payload.txt is imported, the application crashes due to the buffer overflow.
An attacker can bypass the authentication of Online Shopping Alphaware 1.0 by sending a malicious POST request to the target. The malicious POST request contains email and password fields with the value '+or+1%3d1%3b+--+ahmed'. This bypasses authentication and allows the attacker to gain access to the application.
Coming Soon Page, Under Construction & Maintenance Mode by SeedProd is a popular WordPress Plugin with over 1 million active installations. The Headline field under the Page Settings section along with other fields in the plugin settings were found to be vulnerable to stored XSS, which gets triggered when the Coming Soon page is displayed (both in preview mode and live). All WordPress websites using Coming Soon Page, Under Construction & Maintenance Mode by SeedProd version 5.1.1 and below are affected.
Cisco ASA Software releases 9.5 and earlier, as well as Release 9.7, have reached end of software maintenance. Customers are advised to migrate to a supported release that includes the fix for this vulnerability.
Cisco ASA Software >= 9.14 (except 9.11) and Cisco FTD Software >= 6.2.2 and 6.2.3, 6.3.0, 6.4.0, 6.50, 6.60 are vulnerable to an unauthenticated file read. An attacker can exploit this vulnerability by sending a crafted request to the targeted system.