The Advanced Page Visit Counter plugin for WordPress, up to and including version 8.0.5, is vulnerable to Stored Cross-Site Scripting (XSS). The vulnerability allows authenticated users, including administrators, to inject malicious scripts into the plugin's settings, which are then executed in the browser sessions of other users who view the affected pages.
The perl2exe tool, up to version V30.10C, allows attackers to execute arbitrary code by manipulating the 0th argument of executables created with perl2exe. By crafting the argument, malicious actors can make the executable run another compiled executable, potentially leading to code execution and escaping restricted shell environments.
Client Details System 1.0 is vulnerable to SQL Injection through the 'uemail' parameter of the '/clientdetails/' endpoint. An attacker can exploit this vulnerability to compromise the application, access or manipulate data, or exploit further weaknesses in the underlying database.
The Curfew e-Pass Management System 1.0 is vulnerable to SQL Injection in the 'FromDate' parameter. By manipulating the 'FromDate' parameter, an attacker can execute arbitrary SQL queries, potentially gaining unauthorized access to the database. The vulnerability was tested on Windows 10 with WAMP.
The 'email' parameter of dawa-pharma-1.0-2022 is vulnerable to SQL injection. By injecting a payload containing a sub-query that calls MySQL's LOAD_FILE() function with a UNC path pointing to an external domain, an attacker can execute arbitrary SQL queries. This can lead to unauthorized access to sensitive client information and to the disclosure of server credentials.
The exploit leverages a buffer overflow vulnerability in A-PDF All to MP3 Converter version 2.0.0 to bypass Data Execution Prevention (DEP) using a ROP chain that includes HeapCreate, HeapAlloc, and a memory copy function. By crafting a malicious .wav file, an attacker can trigger the vulnerability and execute arbitrary code on the target system. This exploit was tested on Windows 7 Ultimate 6.1.7601 SP1 Build 7601 x64.
The Lost and Found Information System v1.0 is vulnerable to an Insecure Direct Object Reference (IDOR) attack, which can be exploited by an authenticated attacker to take over user accounts. By manipulating the 'id' parameter in the POST request to '/classes/Users.php?f=save', an attacker can modify user information and potentially gain unauthorized access to other user accounts. This vulnerability has been assigned CVE-2023-38965.
Easywall version 0.3.1 is vulnerable to authenticated remote command execution. By exploiting a command injection vulnerability in the 'port' parameter, an authenticated attacker can execute arbitrary commands on the target system. Successful exploitation can lead to unauthorized access and full system compromise.
Windows Defender normally blocks execution of TrojanWin32Powessere.G when it is launched through rundll32.exe, producing an 'Access is denied' error. A bypass of this mitigation involving mshtml reference traversal was disclosed in 2022. Using multiple commas in the command line also bypasses the mitigation, allowing the payload to execute successfully.
An issue in WyreStorm Apollo VX20 devices before version 1.3.58 allows attackers to determine valid accounts via the TELNET service, which prompts for a password only after a valid username has been entered. This username enumeration can facilitate brute-force attacks against valid accounts.