Code Blocks 17.12 is vulnerable to a local buffer overflow when a user pastes a specially crafted string into the 'Filename with fullpath' field. A local attacker can exploit this to execute arbitrary code.
The College Management System PHP suffers from SQL injection vulnerabilities in the index.php page, where data from the POST parameters 'unametxt' and 'pwdtxt' is not filtered before being passed into the SQL query, giving rise to SQL injection. Payload: ' or 1=1 --
The 10-Strike Bandwidth Monitor v3.9 services 'Svc10StrikeBandMontitor', 'Svc10StrikeBMWD', and 'Svc10StrikeBMAgent' suffer from unquoted service path vulnerabilities that allow attackers to escalate privileges to SYSTEM at startup by placing a malicious binary in the truncated service path, such as 'C:\Program.exe'.
A SQL injection vulnerability was discovered in Gila CMS 1.11.8. An attacker can exploit this vulnerability to inject malicious SQL queries and gain access to sensitive information from the database. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'query' parameter of the 'admin/sql' page. An attacker can send a specially crafted HTTP request to the vulnerable page and execute arbitrary SQL commands in the context of the application.
SOS JobScheduler is a tool for remote system administration that allows users to call maintenance scripts via a web interface. The tool places the maintenance scripts on the remote systems by means of (S)FTP. It allows the user to save profiles for these connections, in which the password for the (S)FTP connection is optionally stored. When the user chooses to store the password with the profile, it is encrypted using the name of the profile as the encryption key. Since the name of the profile is stored in the same configuration file, the plaintext (S)FTP password can trivially be recovered. The encryption algorithm used is Triple DES (3DES) with three keys, requiring a key length of 24 bytes. The profile name is padded to this length to create the key. Finally, the encrypted password gets base64 encoded before being stored in the configuration file.
There is reflected XSS via the /scgi sid parameter.
SmarterMail 16 is vulnerable to arbitrary file upload. An attacker can upload malicious files to the server, such as a web shell, and gain access to the server. The vulnerability exists due to the lack of proper input validation and authentication. The exploit requires authentication and the attacker must have valid credentials to exploit the vulnerability. The exploit was tested on Windows.
SQL Injection vulnerability exists in Virtual Airlines Manager 2.6.2. An attacker can inject malicious SQL queries via the 'id' parameter in the URL. For example, an attacker can inject malicious SQL queries via the 'registry_id', 'plane_icao', 'hub_id', 'plane_location' and 'event_id' parameters in the URL.
WinGate has insecure permissions on its installation directory, which allow local users to gain privileges by replacing an executable file with a Trojan horse. The WinGate directory grants full control (F) to authenticated users, who can then run arbitrary code as SYSTEM after a WinGate restart or system reboot.
Joomla J2 Store 3.3.11 is vulnerable to authenticated SQL injection in the 'filter_order_Dir' parameter. An attacker can exploit this vulnerability by sending a specially crafted HTTP POST request to the vulnerable application. This can allow an attacker to gain access to the underlying database and potentially execute arbitrary code.