A Cross-Site Scripting (XSS) vulnerability was discovered in ZyXEL VMG3312-B10B. An attacker can send a malicious POST request with a specially crafted payload to the vulnerable page and parameter to execute arbitrary HTML and script code in the context of the vulnerable application.
OpenSSH versions before 7.7 are vulnerable to username enumeration. A malicious add_boolean function is used to malform the packet, and a custom BadUsername exception is raised when the username is invalid. The call_success and call_error functions are used to log valid and invalid usernames respectively.
An issue was discovered in Twitter-Clone 1 which allows a remote attacker to force any victim to delete posts. The attacker can craft a malicious HTML page with a form that submits to the tweetdel.php page with the ID of the post they want to delete. When the victim visits the page, the form is automatically submitted and the post is deleted.
Project64 2.3.2 is vulnerable to a denial of service attack when a maliciously crafted payload is pasted into the 'Plugin Directory' field in the 'Options' > 'Settings' > 'Directories' menu. This causes the application to crash.
An attacker can use multiple parameters in the provided link to inject his own data into the database of this application; the injected data can then be viewed directly in the event logs panel (manage > logger). An attacker may use this vulnerability to inject his own payload for attacks like Stored XSS. The injected payload will be executed every time the target page is visited or refreshed.
This vulnerability allows an attacker to execute arbitrary code on the target system by exploiting a deserialization vulnerability in the Easylogin Pro Encryptor.php script. The attacker needs to know the key to exploit this vulnerability.
WordPress Plugin Tagregator 0.6 is vulnerable to a stored cross-site scripting vulnerability. An attacker can inject malicious JavaScript code into the title field of the plugin's settings page, which is then stored in the database. When another administrator visits the page, the malicious code is executed.
The plugin allows moderators to save notes and display them in a list in the modCP. A CSRF vulnerability allows an attacker to remotely delete all mod notes and mod note logs in the modCP and ACP.
WordPress Plugin Chained Quiz before 1.0.9 allows remote unauthenticated users to execute arbitrary SQL commands via the 'answer' and 'answers' parameters. Chained Quiz appears to be vulnerable to time-based SQL injection. The issue lies in the $answer backend variable.
A vulnerability exists in SEIG Modbus 3.4 which allows remote code execution. The vulnerability is due to a stack-based buffer overflow in the SEIG Modbus 3.4 service. An attacker can send a specially crafted packet to the service to trigger the buffer overflow and execute arbitrary code. This vulnerability is tracked as CVE-2013-0662.