Multiple SQL injection vulnerabilities were found in Customer Support System 1.0. These vulnerabilities can be exploited by authenticated attackers to run arbitrary SQL commands through the parameters department_id, customer_id, and subject.
The code snippet demonstrates a C program that establishes a socket connection to a remote device with IP address 192.168.1.10 on port 8888. It then sends a command 'id' to the device, which is executed with root privileges. This vulnerability could be exploited by an attacker to remotely execute arbitrary commands on the target device.
The exploit allows an attacker to access sensitive files like /etc/shadow on TP-Link TL-WR740N routers with firmware version 3.12.11 Build 110915 Rel.40896n. This can lead to unauthorized access and potential compromise of the device. This vulnerability has not been assigned a CVE yet.
The exploit allows an attacker to execute remote code on Elasticsearch versions 8.5.3 and OpenSearch. By sending a crafted payload within a search query, an attacker can trigger the vulnerability. This exploit is linked to CVE-2023-31419.
The 'bookid' parameter in Online Nurse Hiring System 1.0 is vulnerable to Time-Based SQL Injection. An attacker can exploit this vulnerability to manipulate the SQL query and cause delays in response.
The 'id' parameter in PHP Shopping Cart-4.2 is vulnerable to SQL injection attacks. By manipulating the 'id' parameter, an attacker can easily retrieve sensitive information from the database of the web application.
The Hitachi NAS (HNAS) System Management Unit (SMU) before version 14.8.7825.01 is vulnerable to an Insecure Direct Object Reference (IDOR) issue. An attacker can exploit this vulnerability to download arbitrary files from the server. This vulnerability has been assigned CVE-2023-5808.
Stored cross-site scripting (XSS) is a severe vulnerability where a malicious script is inserted into a vulnerable web application, leading to potential attacks on users. In this exploit for WEBIGniter v28.7.23, an attacker can inject a script by manipulating the 'Name' parameter in the 'Categories' section, allowing execution of arbitrary scripts in the victim's browser.
The Employee Management System v1 is vulnerable to SQL injection due to improper handling of user-provided data in the SQL query used for user login. This can lead to unauthorized access and potential data theft.
The vulnerability allows an authenticated admin user to perform a server-side injection attack by exploiting the XSLT configuration feature. By crafting a malicious XSLT payload, the attacker can execute arbitrary commands on the server.