
Explore Vulnerabilities

Explore all Exploits:

Trend Micro Maximum Security 2019 – Arbitrary Code Execution

Trend Micro Maximum Security is vulnerable to arbitrary code execution because it allows the creation of a registry key that targets a process running as SYSTEM. This can allow malware to gain elevated privileges to take over and shut down services that require SYSTEM privileges, such as Trend Micro's "Asmp" service "coreServiceShell.exe", which does not allow Administrators to tamper with it. An attacker or malware could thereby tamper with protected services by disabling them or otherwise preventing them from starting. Note that administrator privileges are required to exploit this vulnerability.

WordPress Plugin InfiniteWP Client 1.9.4.5 – Authentication Bypass

An authentication bypass vulnerability exists in WordPress Plugin InfiniteWP Client version 1.9.4.5 and prior. An attacker can exploit this vulnerability to bypass authentication and gain access to the application. This is achieved by sending a specially crafted HTTP request to the vulnerable application. The request carries a JSON payload that is base64 encoded, and this payload contains a username parameter that is used to bypass authentication.

Torrent FLV Converter 1.51 Build 117 – Stack Overflow (SEH partial overwrite)

Torrent FLV Converter 1.51 Build 117 is vulnerable to a stack overflow due to improper bounds checking of user-supplied input. An attacker can exploit this vulnerability by supplying a specially crafted input to the Registration Code input field, which can lead to a partial overwrite of the SEH handler. The bad characters for this exploit are 0x00, 0x0a, 0x0d, 0x80, 0xf0-0xff, 0xe0-0xef, 0x70-0x7a, 0x61-0x6f, 0x9a, 0x9c, 0x9e.

APKF Product Key Finder 2.5.8.0 – ‘Name’ Denial of Service (PoC)

APKF Product Key Finder 2.5.8.0 is prone to a denial-of-service vulnerability. An attacker can exploit this issue by supplying malicious input to the 'Name' field when registering the software. This may allow the attacker to crash the application, denying service to legitimate users.

Rukovoditel Project Management CRM 2.5.2 – ‘filters’ SQL Injection

Rukovoditel Project Management CRM version 2.5.2 is vulnerable to SQL Injection. This vulnerability is due to improper sanitization of user-supplied input in the 'filters' parameter. An attacker can exploit this vulnerability to inject malicious SQL queries into the application and execute arbitrary SQL commands in the back-end database.

OpenSSL ECC Certificate Parsing Vulnerability

This vulnerability allows an attacker to set a fake generator G = Q in an OpenSSL ECC Certificate, which can be used to generate a valid certificate. This can be exploited by an attacker to generate a valid certificate for any domain, allowing them to perform man-in-the-middle attacks.

Rukovoditel Project Management CRM 2.5.2 – ‘entities_id’ SQL Injection

Rukovoditel Project Management CRM 2.5.2 is vulnerable to SQL Injection. An attacker can send a specially crafted HTTP request to the vulnerable application in order to execute arbitrary SQL commands in the back-end database. This can be exploited to manipulate the data in the database, compromise the integrity of the data, or disclose sensitive information.

Online Book Store 1.0 – Arbitrary File Upload

A vulnerability exists in Online Book Store 1.0, where an attacker can upload arbitrary files to the server. The attacker can exploit this vulnerability by crafting a malicious HTML form and submitting it to the server. The malicious file will be uploaded to the server and stored in the /store/bootstrap/img/ directory.

Jenkins Gitlab Hook Plugin 1.4.2 – Reflected Cross-Site Scripting

Jenkins Gitlab Hook Plugin 1.4.2 and earlier is vulnerable to Reflected Cross-Site Scripting. An attacker can exploit this vulnerability by sending a crafted URL to the victim. The crafted URL contains malicious JavaScript code which is executed in the victim's browser when the URL is clicked.

Recent Exploits: