The Hostel Management System v2.0 application from PHPgurukul is vulnerable to SQL injection via the 'id' GET parameter on the full-profile.php page.
NetShareWatcher 1.5.8.0 is vulnerable to a denial of service attack when a maliciously crafted string is entered into the 'Name' field. When the 'Ok' button is clicked, the application crashes.
The Complaint Management System v4.0 application from PHPgurukul is vulnerable to blind SQL injection via the 'cid' parameter, which is found on the complaint-details.php page. The vulnerable URL is https://10.0.0.214/complaint%20management%20system/cms/admin/complaint-details.php?cid=2
The Dairy Farm Shop Management System 1.0 web application is vulnerable to SQL injection in multiple areas. The most severe of these is the username parameter on the login page, as this injection can be done unauthenticated.
The k_adi_duz, k_email_duz, k_grup_duz, k_yetki_duz and k_sifre_duz parameters are injectable/vulnerable.
A denial of service vulnerability exists in NetworkSleuth 3.0.0.0 due to improper validation of user-supplied input. An attacker can exploit this vulnerability by creating a malicious file (poc.txt) containing 1000 characters, then copying and pasting the characters into the 'Key' field and clicking 'Ok', which will cause the application to crash.
An attacker can bypass the login page and access the student change-password dashboard. There is no file extension check in the student panel's "My Profile" section. An unauthorized user can upload a PHP file as a profile image.
MSN Password Recovery is vulnerable to a denial of service attack when a maliciously crafted User Name and Registration Code are entered into the application. An attacker can exploit this vulnerability by creating a file containing a large number of 'A' characters, and then pasting the contents of the file into the User Name and Registration Code fields. This will cause the application to crash.
Windows ".group" files are related to Contact files and suffer from unexpected code execution when clicking the Website "Go" button on the "Contact Group Details" tab. This happens if the website URL field points to an executable file. This is the same type of vulnerability that affects Windows .contact files, which remains unfixed as of the time of this writing and has a Metasploit module available.
A vulnerability in nostromo 1.9.6 allows remote code execution. The vulnerability is due to a lack of proper input validation in the http_verify function in nostromo nhttpd.c. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server. Successful exploitation of this vulnerability can result in remote code execution.