A Cross-Site Scripting vulnerability was found in Petrol Pump Management Software v1.0. By injecting a malicious payload into the 'Address' parameter in the add_invoices.php component, an attacker can execute arbitrary code. This vulnerability could be exploited to perform various malicious actions.
Versions 1.1 and below of the Neon Text plugin for WordPress are prone to a Stored Cross-Site Scripting (XSS) vulnerability through the neontext_box shortcode.
The R Radio FM Transmitter 1.07 system.cgi endpoint has an improper access control vulnerability that allows unauthenticated users to access and reveal the clear-text password of the admin user. This disclosure enables attackers to bypass authentication and gain unauthorized access to the FM station setup.
The exploit allows an attacker to include files from the local file system on the Boss Mini 1.4.0 application. By exploiting this vulnerability, an attacker can potentially access sensitive files and data stored on the server. This vulnerability has been assigned CVE-2023-3643.
GL.iNet devices with firmware version <= 3.216 are vulnerable to remote code execution through the OpenVPN client configuration upload functionality. An attacker can exploit this vulnerability to execute arbitrary code on the target device. This vulnerability has been assigned CVE-2023-46456.
GL.iNet <= 4.3.7 allows an attacker to write arbitrary files on the system by exploiting a vulnerability in the '/upload' endpoint. By crafting a malicious shadow file, an attacker can change the root user's password and gain unauthorized access to the system. This vulnerability has been assigned CVE-2023-46455.
The code snippet provided is an example of a remote command execution vulnerability in TPC-110W devices. By exploiting this vulnerability, an attacker can execute arbitrary commands on the target device with root privileges. This can lead to unauthorized access, data theft, or further compromise of the device. This vulnerability does not have a specific CVE assigned.
An attacker can inject malicious XSLT code through the 'XSLT Configuration' option in the 'Import Jobs' feature of Magento version 2.4.6, allowing them to execute commands on the server. This vulnerability has a potential impact on the confidentiality, integrity, and availability of the system.
The kk Star Ratings plugin before version 5.4.6 in WordPress allows attackers to manipulate ratings by exploiting a race condition. By intercepting the rating submission request using tools like Burp and Turbo Intruder, an attacker can send multiple requests simultaneously to the server, resulting in the manipulation of star ratings.
The Solar-Log 200 PM+ 3.6.0 Build 99 web panel is vulnerable to stored cross-site scripting (XSS) due to improper input validation. An attacker can inject malicious code into the 'name' field, which triggers an XSS payload when a privileged user hovers over the manipulated content, leading to potential cookie theft.