This exploit retrieves the username and password of a vulnerable Heatmiser thermostat by using wget to fetch the page that discloses them and then extracting the credentials with grep and awk.
GIU Gallery Image Upload 0.3.1 is vulnerable to SQL injection in the 'category' parameter. The vulnerability is due to insufficient sanitization of user-supplied input in that parameter. An attacker can exploit it by sending a specially crafted SQL query to the vulnerable application and thereby gain access to sensitive information from the database, such as usernames and passwords.
MV Video Sharing Software version 1.2 is vulnerable to SQL injection in the 'searchname' parameter of the search.php script. An attacker can send a malicious SQL query in the searchname parameter to execute arbitrary SQL commands in the context of the application's database user. This can be used to access or modify data in the back-end database.
Users in the client+ group can perform SQL injection. An attacker can send a specially crafted HTTP request to the vulnerable application to exploit this vulnerability and execute arbitrary SQL commands in the application's database.
Vishesh Auto Index 3.1 is vulnerable to SQL injection in the 'fid' parameter of the 'file.php' script. An attacker can exploit this vulnerability to gain access to the database and execute arbitrary SQL commands.
Any user can perform SQL injection. The proof of concept sends a GET request to the update_release.php page with a malicious 'release_id' parameter. This parameter is not properly sanitized, so SQL code can be injected through it.
HotelDruid 2.2.4 is vulnerable to SQL Injection. An attacker can inject malicious SQL queries via the 'anno' parameter in the 'privilegi_utenti.php' and 'gestione_utenti.php' scripts. This can be exploited to read, modify or delete data from the database.
A vulnerability in Academic Timetable Final Build 7.0a-7.0b allows an attacker to view user information such as usernames, passwords, and roles.
Possible arbitrary code execution when opening a ".nxs" NoMachine file, caused by the client preloading "wintab32.dll" from an untrusted location. This issue affects the client part of all NoMachine installations on Windows (NoMachine free, NoMachine Enterprise Client, NoMachine Enterprise Desktop and NoMachine Cloud Server). 1) Create a 32-bit DLL named "wintab32.dll". 2) Create a native NoMachine ".NXS" file and open it alongside the trojan "wintab32.dll" DLL from a network share or any directory. BOOM!
Centos Web Panel 0.9.8.480 is vulnerable to Command Injection. Attackers can inject malicious commands via the service_start and service_restart parameters in the index.php file. The malicious commands are executed in the context of the web server user.