The vulnerability allows remote attackers to inject their own malicious script code on the application side of the vulnerable module. The persistent input validation vulnerability is located in the `name` value of the `/cgi-bin/login.cgi` POST method request, into which remote attackers are able to inject their own malicious script code. The injected script code executes in the main page of the web application after successful login. The request method to inject is POST and the attack vector is located on the application side.
WebLogic wls-wsat Component Deserialization RCE is a vulnerability in Oracle WebLogic Server that allows an unauthenticated attacker to send a malicious XML request to the WebLogic Server and execute arbitrary code on the server.
A directory or path traversal web vulnerability has been discovered in the official Photos in Wifi v1.0.1 iOS mobile web-application. The vulnerability allows remote attackers to access or include external files from the local or external system or server. The vulnerability is located in the `file` value of the `/upload` POST method request. Remote attackers are able to inject their own malicious script code into the vulnerable file upload request method to compromise the web-application or connected system.
An information exposure vulnerability in forget_passwd.cgi in Synology DiskStation Manager (DSM) before 6.1.3-15152 allows remote attackers to enumerate valid usernames via unspecified vectors. This can be done by sending a request to the forget_passwd.cgi page with a username as a parameter.
In DiskBoss Enterprise Server 8.5.12, the Control Protocol suffers from a denial of service. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 8094.
In Sync Breeze Enterprise Server v10.1.16, the Control Protocol suffers from a denial of service. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 9121.
Disk Pulse Enterprise Server v10.1.18 suffers from a denial of service vulnerability. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 9120.
In Flexense VX Search Enterprise Server v10.1.12, the Control Protocol suffers from a denial of service. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 9123.
This module exploits a vulnerability in VMware Workstation Pro and Player on Linux which allows users to escalate their privileges by using an ALSA configuration file to load and execute a shared object as root when launching a virtual machine with an attached sound card.
Gespage is a web solution providing a printer portal. The web application does not properly filter several parameters sent by users, allowing authenticated SQL code injection (Stacked Queries - comment). These vulnerabilities could allow attackers to retrieve / update data from the database through the application.