This exploit allows an attacker to brute-force the production key of an e-commerce system that uses Systempay with SHA1 to compute the signature. The attacker can then modify the form data and generate a successful payment return.
Online Job Portal 1.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks. An attacker can exploit this vulnerability by sending a malicious request to the vulnerable application. In the first PoC, the malicious request adds a new user with administrator privileges. In the second PoC, the malicious request edits an existing user with administrator privileges.
RarmaRadio 2.72.4 is vulnerable to a denial of service attack when a maliciously crafted server name is provided. By providing a server name of 4000 'A' characters, the application will crash when the user attempts to save the settings.
RarmaRadio 2.72.4 is vulnerable to a denial of service attack when a maliciously crafted username is used. Running the Python script 'rarmaradio_username.py' creates a text file containing a buffer of 5000 'A' characters. When the contents of this text file are copied to the clipboard and pasted into the 'Username' field in the 'Network' settings, the application will crash.
TapinRadio 2.12.3 is vulnerable to a denial of service attack when a maliciously crafted username is used. This can be exploited by a local attacker to crash the application.
An attacker can exploit a vulnerability in Online Job Portal 1.0 to execute arbitrary code on the vulnerable system. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'mealid' parameter of the 'index.php' script. An attacker can send a specially crafted HTTP request containing arbitrary PHP code in the 'mealid' parameter to execute arbitrary code on the vulnerable system.
TapinRadio 2.12.3 is vulnerable to a denial of service attack when a maliciously crafted 'address' field is supplied. An attacker can exploit this vulnerability by running Python code to generate a maliciously crafted 'address' field, copying the content to the clipboard, opening TapinRadio, selecting 'Settings' > 'Preferences' > 'Miscellaneous', selecting 'Set Application Proxy...', pasting the clipboard into the 'Address' field, typing '444' in the 'Port' field, typing 'test' in the 'Username' field, typing '1234' in the 'Password' field, and selecting 'OK' and 'OK', which will cause the application to crash.
AbsoluteTelnet 11.12 is vulnerable to a denial of service attack when a specially crafted username is used in an SSH2 connection. By sending a large string of 'A' characters as the username, the application will crash.
Online Job Portal 1.0 is vulnerable to SQL Injection. An attacker can exploit this vulnerability by sending a maliciously crafted POST request to the login.php page. This will allow the attacker to gain access to the database and execute arbitrary SQL commands.
A denial of service vulnerability exists in AbsoluteTelnet 11.12 when a maliciously crafted license name is entered, resulting in a crash. An attacker can exploit this vulnerability by running Python code to generate a maliciously crafted license name, copying the content to the clipboard, opening AbsoluteTelnet.exe, selecting Help > Enter License Key, and pasting the clipboard into the License Name field.