A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for the -modulepath and -logfile options when starting the Xorg X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges.
A vulnerability in Live Call Support 1.5 allows an attacker to execute arbitrary code or perform an SQL injection attack. This is due to the application not properly validating user-supplied input when handling file uploads. An attacker can exploit this vulnerability by sending a specially crafted HTTP POST request containing malicious code in the call_widget_image parameter. This will allow the attacker to execute arbitrary code on the vulnerable system.
Live Call Support 1.5 is vulnerable to Cross-Site Request Forgery (CSRF) which allows an attacker to add an admin user to the application. This is due to the application not verifying whether a malicious request is being sent from a valid source. An attacker can craft a malicious request and send it to the vulnerable application, which will then add an admin user to the application.
Modern POS 1.3 is vulnerable to SQL Injection. An attacker can send a specially crafted HTTP request to the application to execute arbitrary SQL commands in the back-end database.
Modern POS 1.3 is vulnerable to arbitrary file download. An attacker can exploit this vulnerability by sending a crafted HTTP request to the target server. The request should contain the action parameter set to download and the path parameter set to the file that the attacker wants to download. This vulnerability can be exploited to download sensitive files such as configuration files, which can lead to further attacks.
Horde Imp, an application that comes with the Horde GroupWare/Webmail suite, exposes an unauthenticated debug page with a form that permits IMAP requests to arbitrary hosts. By leveraging CVE-2018-19518 and the lack of input sanitization, it is possible to execute shell commands.
A SQL injection vulnerability exists in i-doit CMDB 1.12, which allows an attacker to inject malicious SQL queries via the 'objGroupID' parameter. This can be exploited to gain access to the database, including user credentials and other sensitive information.
A vulnerability in i-doit CMDB 1.12 allows an attacker to download arbitrary files from the server by sending a specially crafted HTTP request. The vulnerability exists due to insufficient validation of user-supplied input in the 'file_manager' parameter of the 'index.php' script. An attacker can exploit this vulnerability to download arbitrary files from the server.
Luminance Studio 2.17 is vulnerable to a Denial of Service attack. Entering any character into the program causes it to crash. This can be exploited by creating a file containing a malicious payload and then opening it with the program.
Blob Studio 2.17 is vulnerable to a Denial of Service attack. An attacker can create a malicious file with a payload of 10 bytes of 'A' characters and send it to the victim. When the victim opens the malicious file, the application will crash.