ServersCheck Monitoring Software allows SQL injection by an authenticated user via the 'id' parameter of alerts.html. The parameter is not sanitized before being used in a query, so supplying payloads such as 'OR+2=2' (an always-true condition) or '-2' in the id value changes which rows the page returns.
This exploit uses the ComputerDefaults.exe binary to bypass UAC on Windows 10. It creates a registry key in the HKEY_CURRENT_USER hive (writable by an unprivileged user, which is what makes the hijack possible), sets the DelegateExecute value to an empty string, and sets the (Default) value to cmd.exe. ComputerDefaults.exe then launches that command with elevated privileges.
SIM-PKH 2.4.1 is vulnerable to arbitrary file upload. An attacker can place a malicious file on the web server by sending a specially crafted HTTP POST request to the vulnerable application; requesting the uploaded file afterwards leads to arbitrary code execution on the web server.
ServersCheck Monitoring Software allows remote attackers to cause a denial of service (menu functionality loss) by creating an LNK file that points to a second LNK file, if this second LNK file is associated with a Start menu item. Ultimately, this behavior comes from a Directory Traversal bug (via the sensor_details.html id parameter) that allows creating empty files in arbitrary directories.
Users with the Librarian or Teacher role can inject SQL. An attacker can supply malicious SQL via the 'student_id' parameter of the 'give_studentbook' page and the 'teacher_id' parameter of the 'subject_allocation' page; neither value is sanitized before being used in a query, so the executed SQL can be altered at will.
Viva Visitor & Volunteer ID Tracking 0.95.1 is vulnerable to SQL injection. An attacker can exploit this by sending a malicious SQL payload in the 'fname' or 'lname' parameter of the 'repeat_verify-n.php' script. This gives the attacker access to the database and, depending on the database configuration, arbitrary code execution.
The Open ISES Project 3.30A is vulnerable to arbitrary file download. An attacker can exploit this by sending a specially crafted HTTP request to the vulnerable server in which the filename parameter points at any file on the server, which is then returned to the attacker. The origname parameter is affected in the same way.
eNdonesia Portal 8.7 is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this to manipulate the queries executed against the backend database and access or modify sensitive data. Depending on the privileges of the database account, the attacker can also use this to execute system-level commands on the underlying operating system.
In kpersona_alloc_syscall, if an invalid userspace pointer is provided for the ipd outptr, the copyout fails and execution jumps to the exit path, which calls persona_put(). This results in an extra persona_put() when the id is attacker controlled and persona_alloc() and dealloc() are called from different threads. Because the failing copyout can be made to take a long time, an attacker has time to garbage-collect the page and have the zone allocator reassign it, so the extra put drops a reference on an object of a different type.
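The bug class above is an unbalanced reference drop on an error path. The following is an added, constructed C model of that shape and of the balanced version; it is not XNU code, the persona_t struct, copyout_sim() and the refcount starting value are assumptions, and the race with a second thread is not modelled (the over-release is simply counted instead of corrupting memory).

```c
#include <stdbool.h>

/* Constructed model of a refcounted kernel object (not XNU's struct persona). */
typedef struct persona {
    int refcount;      /* references currently held */
    int over_release;  /* counts puts that ran on an already-dead object */
} persona_t;

#define EFAULT 14      /* simulated copyout failure code */

static void persona_put(persona_t *p)
{
    if (p->refcount <= 0) {
        /* In a real kernel this decrements freed memory; if the page has
           been reassigned by the zone allocator the decrement lands on an
           object of a different type. Here the event is only counted. */
        p->over_release++;
        return;
    }
    p->refcount--;
}

/* Simulated copyout(): fails when the user-supplied output pointer is bad. */
static int copyout_sim(bool user_ptr_valid)
{
    return user_ptr_valid ? 0 : EFAULT;
}

/* Vulnerable shape: the failure branch drops the reference itself and then
   jumps to an exit label that drops it again. */
static int kpersona_alloc_vulnerable(persona_t *p, bool user_ptr_valid)
{
    int err;
    p->refcount = 1;                     /* persona_alloc(): one ref for the caller */
    err = copyout_sim(user_ptr_valid);   /* write the id to the user pointer */
    if (err != 0) {
        persona_put(p);                  /* first drop */
        goto out;
    }
out:
    persona_put(p);                      /* second drop on the error path */
    return err;
}

/* Hardened shape: exactly one release on every path, balanced with persona_alloc(). */
static int kpersona_alloc_fixed(persona_t *p, bool user_ptr_valid)
{
    int err;
    p->refcount = 1;
    err = copyout_sim(user_ptr_valid);
    persona_put(p);
    return err;
}
```

The practical check when auditing a syscall of this shape is to count puts per path: every path from the allocation to the return must release the caller's reference exactly once, including the ones reached by goto.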
IOHIDResourceQueue::enqueueReport has an integer overflow. An attacker can supply an IOMemoryDescriptor with a length of 0xffffffff; the 32-bit size computation at (a) in the referenced code then wraps to dataSize = 0, the check at (b) sees dataSize < headerSize, and the function returns false without copying the report into the queue.
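To show the wrap concretely, here is an added, constructed C model of the length computation and of a checked replacement; it is not Apple's code, and the header size, the free-space constant and the function names are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>

/* Constructed model of an enqueueReport-style size computation (not Apple's code).
   Assumed layout: each queue entry is a fixed header followed by the report bytes. */
#define HEADER_SIZE 16u
#define QUEUE_FREE  4096u   /* assumed free space in the ring buffer */

typedef struct {
    uint32_t data_size;   /* entry size as the 32-bit arithmetic produced it */
    bool     enqueued;    /* whether the report would be copied into the queue */
} enqueue_result_t;

/* Wrapping arithmetic: (a) a 32-bit add that can wrap; (b) the sanity check that
   happens to reject the wrapped value because it lands below HEADER_SIZE. */
static enqueue_result_t enqueue_report_wrapping(uint64_t report_len)
{
    enqueue_result_t r;
    r.data_size = (uint32_t)report_len + HEADER_SIZE;   /* (a) 0xffffffff + 16 wraps to 15 */
    if (r.data_size < HEADER_SIZE) {                    /* (b) */
        r.enqueued = false;
        return r;
    }
    r.enqueued = r.data_size <= QUEUE_FREE;
    return r;
}

/* Checked arithmetic: reject any length that does not fit, instead of relying
   on the wrapped result happening to fail a later comparison. */
static enqueue_result_t enqueue_report_checked(uint64_t report_len)
{
    enqueue_result_t r = { 0, false };
    uint32_t size;
    if (report_len > UINT32_MAX)
        return r;                                       /* descriptor longer than a u32 */
    if (__builtin_add_overflow((uint32_t)report_len, HEADER_SIZE, &size))
        return r;                                       /* header + length would wrap */
    r.data_size = size;
    r.enqueued = size <= QUEUE_FREE;
    return r;
}
```

For a single addition of a non-zero header the wrapped sum is always smaller than the header, so the (b) comparison catches it; the checked version is still preferable because it fails for the stated reason and keeps working when the size formula gains another term.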