Explore Vulnerabilities

Explore all Exploits:

Wondershare Application Framework Service 2.4.3.231 – ‘WsAppService’ Unquote Service Path

A vulnerability exists in Wondershare Application Framework Service 2.4.3.231 that allows an attacker to gain elevated privileges by exploiting the unquoted service path of the 'WsAppService' service. The vulnerability is due to the lack of proper validation of the service path. An attacker can exploit this vulnerability by sending a specially crafted request to the service path. Successful exploitation could result in the attacker gaining elevated privileges.

eMerge E3 1.00-06 – Unauthenticated Directory Traversal

eMerge E3 1.00-06 is vulnerable to unauthenticated directory traversal. An attacker can send a specially crafted HTTP request to the vulnerable server to traverse the directory and read sensitive files. This vulnerability is due to insufficient input validation of user-supplied data. An attacker can exploit this vulnerability to gain access to sensitive information such as system files, passwords, and other confidential data.

Computrols CBAS-Web 19.0.0 – ‘username’ Reflected Cross-Site Scripting

Computrols CBAS-Web 19.0.0 is vulnerable to Reflected Cross-Site Scripting. This vulnerability is due to insufficient sanitization of user-supplied input in the 'username' parameter of the 'index.php' script when handling requests to the 'm=auth&a=verifyid' and 'm=auth&a=login' scripts. An attacker can exploit this vulnerability to execute arbitrary HTML and script code in a user's browser session in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.

Adrenalin Core HCM 5.4.0 – ‘prntDDLCntrlName’ Reflected Cross-Site Scripting

A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in Adrenalin Core HCM v5.4.0 HRMS Software. User-supplied input containing malicious JavaScript is echoed back as-is into JavaScript code in an HTML response.

Adrenalin Core HCM 5.4.0 – ‘strAction’ Reflected Cross-Site Scripting

A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in Adrenalin Core HCM v5.4.0 HRMS Software. User-supplied input containing malicious JavaScript is echoed back as-is into JavaScript code in an HTML response.

NSUnarchiver Deserialization

An attacker can exploit a vulnerability in the NSUnarchiver API to deserialize malicious data. The vulnerability is due to the logic of NSUnarchiver, which allows subclasses of NSDictionary that also implement secure coding to be deserialized. NSSharedKeyDictionary is an example of such a subclass. The value lookup on an NSSharedKeyDictionary works by invoking [NSSharedKeySet indexForKey:] on its associated keySet, which computes the hash of the key and uses it to look up the index in its rankTable. If the result is true, the index is returned to the NSSharedKeyDictionary, where it is used to index into its values array. If not, indexForKey: recursively processes the subKeySet in the same way until it either finds the key or exhausts the chain.

XML Notepad 2.8.0.4 – XML External Entity Injection

XML Notepad 2.8.0.4 is vulnerable to XML External Entity Injection. An attacker can craft a malicious XML file and send it to the victim, which can then be used to read local files on the victim's system. The attacker can also use the malicious XML file to send the contents of the local files to a remote server.

Alps HID Monitor Service 8.1.0.10 – ‘ApHidMonitorService’ Unquote Service Path

The Alps HID Monitor Service 8.1.0.10 is vulnerable to an unquoted service path vulnerability. This vulnerability can be exploited by an attacker to gain elevated privileges on the system. The attacker can use the 'wmic' command to discover the unquoted service path and then use the 'sc qc' command to view the service configuration.

Nextcloud 17 – Cross-Site Request Forgery

Nextcloud 17 is vulnerable to Cross-Site Request Forgery (CSRF) attacks. An attacker can exploit this vulnerability by sending a malicious request to the server. The malicious request can be used to create or delete folders on the server, and can be sent using the MKCOL and DELETE methods.

Recent Exploits: