An attacker can inject malicious scripts into the 'Dashboard Redirect' field of WordPress Plugin Admin Bar & Dashboard Access Control version 1.2.8. When a user triggers the stored payload, the injected JavaScript executes, leading to a successful XSS attack.
The exploit allows an attacker to perform a blind SQL injection attack on JFrog Artifactory versions prior to 7.25.4. By capturing a valid request to a specific endpoint and replacing the cookies and headers, the attacker can extract sensitive information from the database.
SQL injection allows unauthorized access to data, data modification, and application crashes, which can result in financial losses and reputational damage. The vulnerability exists in the 'project', 'status', 'user_id', 'sort', and 'search' GET parameters in the /home/get_tasks_list path of taskhub 2.8.7.
The Neon Text plugin for WordPress versions 1.1 and below is prone to a Stored Cross-Site Scripting vulnerability through the neontext_box shortcode.
The Proxmox VE TOTP Brute Force exploit allows an attacker to perform a brute force attack on the Time-based One-Time Password (TOTP) mechanism used in Proxmox VE. By continuously guessing TOTP codes, an attacker can potentially gain unauthorized access to the system. This vulnerability has been assigned the CVE ID CVE-2023-43320.
The exploit allows an attacker to bypass identity verification in VMware Cloud Director version 10.5. By exploiting the vulnerability (CVE-2023-34060), the attacker can execute commands on the target device using hardcoded credentials.
The exploit allows remote attackers to execute arbitrary code on a target system by uploading a malicious PHP file. This vulnerability affects WordPress Seotheme. CVE details are not available.
Lot Reservation Management System allows unauthenticated users to upload files, leading to remote code execution. This could potentially result in unauthorized access to the system and sensitive information.
The R Radio FM Transmitter version 1.07 is vulnerable to an improper access control issue that allows unauthenticated users to access the system.cgi endpoint and reveal the plaintext password of the admin user, facilitating authentication bypass and unauthorized access to FM station setup.
The GoAhead Web Server version 2.5 is vulnerable to multiple HTML injection flaws as it lacks proper input validation. Exploiting this vulnerability allows an attacker to execute malicious HTML code within the context of the affected site.