PlayJoom is vulnerable to SQL injection. An attacker can send a specially crafted HTTP request to the application to execute arbitrary SQL commands in the back-end database. The injection point is the 'catid' parameter of the 'index.php' script, where arbitrary SQL code can be injected to manipulate queries and disclose the content of the back-end database.
In LibreHealth, an authenticated user who has access to the patient portal can send a malicious POST request to read/write arbitrary files.
Cubi Platform login page is prone to an SQL-injection vulnerability. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
VSAXESS V2.6.2.70 build20171226_053 is vulnerable to a denial of service attack when a malicious user sends a large amount of data to the 'Organization' field. To reproduce: run the Python script organization.py, open organization_exploit.txt and copy the content, open VSAXESS.exe, register a password and username, choose 'Control Panel', choose 'Access Control', choose 'Add', and paste the content from organization_exploit.txt into 'Organization', which causes the application to crash.
OOP CMS BLOG 1.0 is vulnerable to SQL Injection. An attacker can exploit this vulnerability by sending malicious SQL queries to the application. This can be done by sending a specially crafted HTTP request to the vulnerable application. The application does not properly sanitize user-supplied input before using it in an SQL query. This can be exploited to manipulate the SQL query by injecting arbitrary SQL code. Successful exploitation of this vulnerability can lead to information disclosure, modification of data, or even full system compromise.
While fuzzing, a stack-based buffer overflow was found in libIEC61850 (the open-source library for the IEC 61850 protocols) in prepareGooseBuffer in goose/goose_publisher.c. Steps to reproduce include running the goose_publisher_example with the argument crash_goosecr_stack_smash_overflow_aaaaaaaaa. Debugging revealed that the program received a SIGABRT signal, and a backtrace was provided.
Grocery crud 1.6.1 is vulnerable to SQL Injection in the 'search_field' parameter. An attacker can exploit this vulnerability to gain access to the database and execute malicious SQL queries. The payloads used for exploiting this vulnerability are error-based and time-based blind SQL injection.
OOP CMS BLOG 1.0 is vulnerable to Cross-Site Request Forgery (CSRF) which allows an attacker to add an admin user to the application. An attacker can craft a malicious HTML page and send it to the victim. When the victim visits the malicious page, the attacker's request will be executed in the background and an admin user will be added to the application. This can be exploited to gain access to the application.
An attacker or a malicious user with access to the administration interface can execute code on the server. After the plugin is uploaded, an attacker can execute arbitrary code on the server by accessing the URL http://<TARGET_URL>/tmp/test.php?cmd=<COMMAND>
A denial of service vulnerability exists in Blue Server 1.1, which allows an attacker to crash the server by sending a 'BOOM' string to the server. This can be exploited by an attacker to cause a denial of service condition on the server.