A SQL Injection vulnerability was discovered in Petrol Pump Management Software v.1.0. This vulnerability allows an attacker to execute arbitrary code by injecting a malicious payload into the email address parameter within the index.php component.
The FAQ Management System v1.0 is vulnerable to SQL injection due to unsanitized user input ($_GET['faq']) being directly used in SQL queries. An attacker can manipulate the 'faq' parameter to inject malicious SQL code, potentially leading to unauthorized database operations.
The exploit involves running a Python script that creates a malicious 'xampp-control.ini' file, which triggers a buffer overflow in XAMPP v3.3.0 when the application 'xampp-control.exe' is opened. Clicking the 'admin' button for the Apache service triggers the exploit, potentially leading to code execution.
The Electrolink FM/DAB/TV Transmitter devices are vulnerable to an authentication bypass issue. Attackers can exploit this vulnerability to bypass authentication mechanisms and gain unauthorized access to the affected devices. This could lead to unauthorized configuration changes or disruptions in broadcasting services. This vulnerability has been identified in various versions of the Electrolink transmitters, including Compact DAB Transmitters, Medium DAB Transmitters, High Power DAB Transmitters, Compact FM Transmitters, Modular FM Transmitters, Digital FM Transmitters, VHF TV Transmitters, and UHF TV Transmitters.
The package_id parameter in Equipment Rental Script-1.0 is vulnerable to SQL injection attacks. Submitting the payload ' (a single quote) in the package_id parameter returns a database error message. This vulnerability allows attackers to steal sensitive information from the database.
The Rail Pass Management System's searchdata parameter in the search function is vulnerable to a time-based SQL injection attack. By sending a crafted payload, an attacker can cause the response time to increase significantly, indicating a successful injection.
A buffer overflow vulnerability exists in the TP-Link TL-WR740N router, allowing an attacker to crash the web server by sending a specially crafted request. Rebooting the router is necessary to restore the web server functionality.
Splunk version 9.0.4 is vulnerable to information disclosure where an attacker can append /__raw/services/server/info/server-info?output_mode=json to a query to access sensitive data like license keys. This can lead to unauthorized access to critical information.
Electrolink FM/DAB/TV Transmitters with web version 01.09, 01.08, and 01.07, display version 1.4 and 1.2, and control unit version 01.06, 01.04, and 01.03 are vulnerable to an unauthenticated remote Denial of Service (DoS) attack. This could allow an attacker to disrupt the broadcasting services, leading to a loss of service availability.
The Flashcard Quiz App v1.0 is vulnerable to SQL injection. This allows an attacker to manipulate the SQL query by injecting malicious SQL code into the 'card' parameter in the URL, potentially leading to unauthorized actions on the database.