
Explore Vulnerabilities

Explore all Exploits:

File Read Arbitrary Exploit for CVE-2023-26360

An exploit for Adobe ColdFusion versions 2018,15 and earlier, and 2021,5 and earlier allows an attacker to read arbitrary files due to improper input validation. This vulnerability is identified as CVE-2023-26360.

Client Details System SQL Injection Vulnerability

Client Details System 1.0 is vulnerable to SQL Injection through the 'uemail' parameter in the '/clientdetails/' endpoint. This exploit allows attackers to compromise the application, access or modify data, and potentially exploit other vulnerabilities in the database.

Windows Defender Detection Mitigation Bypass for TrojanWin32Powessere.G

The Windows Defender detection mitigation for TrojanWin32Powessere.G, which covers execution leveraging rundll32.exe, can be bypassed by using multi-commas, enabling successful execution.

Human Resource Management System – SQL Injection

The Human Resource Management System version 1.0 is vulnerable to SQL injection via the 'employeeid' parameter. By injecting malicious payloads like 'employeeid=2' AND 9667=9667-- NFMg' or 'employeeid=-4254' UNION ALL SELECT NULL,CONCAT(0x716a767671,0x457977584e79636568687641497a4b6e637668455Z487948534E50737753626F5A4A545244616276,0x7162716b71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL--, an attacker can manipulate the database and retrieve sensitive information.

Ladder v0.0.21 – Server-side Request Forgery (SSRF)

Ladder v0.0.21 does not properly restrict destination addresses, enabling an attacker to send GET requests to addresses that are usually inaccessible externally. This allows unauthorized access to private address ranges, local services, and cloud instance metadata APIs. The vulnerability can be exploited to extract sensitive information.

Akaunting < 3.1.3 - Remote Code Execution (RCE)

Akaunting versions less than or equal to 3.1.3 are vulnerable to Remote Code Execution. By exploiting this vulnerability, an attacker can inject and execute arbitrary commands on the target system. This vulnerability is identified as CVE-2024-22836.

DataCube3 v1.0 – Unrestricted File Upload Remote Code Execution

The exploit allows for remote code execution on DataCube3 v1.0 through an unrestricted file upload vulnerability. By leveraging this vulnerability, an attacker can upload malicious files to the server, leading to the execution of arbitrary code. This exploit chain also includes the disclosure of sensitive information such as root password leaks. The CVEs related to this exploit are CVE-2024-25830 and CVE-2024-25832.

TP-Link TL-WR740N Buffer Overflow DoS Vulnerability

A buffer overflow vulnerability exists in the TP-Link TL-WR740 router, allowing attackers to crash the web server by sending a specially crafted request. Rebooting the router is required to restore the web server functionality.

Recent Exploits: