The FAQ Management System v1.0 is vulnerable to SQL injection due to unsanitized user input ($_GET['faq']) directly used in an SQL query. An attacker can exploit this by manipulating the 'faq' parameter to inject malicious SQL code, potentially causing unauthorized database operations.
The exploit involves a buffer overflow vulnerability in XAMPP v3.3.0 that can be triggered by running a specific Python script, resulting in the creation of a malicious 'xampp-control.ini' file. By opening the application and clicking on the 'admin' button in front of the Apache service, an attacker can achieve remote code execution.
Electrolink FM/DAB/TV Transmitter products are prone to an Authentication Bypass vulnerability. Attackers can bypass authentication mechanisms by manipulating login cookies, gaining unauthorized access to the transmitter systems. This issue affects various versions of the transmitters, including Compact DAB Transmitters, Medium DAB Transmitters, High Power DAB Transmitters, Compact FM Transmitters, Modular FM Transmitters, Digital FM Transmitters, VHF TV Transmitters, and UHF TV Transmitters.
The Equipment Rental Script-1.0 is vulnerable to SQL injection in the package_id parameter. By injecting a payload such as 'mysql', an attacker can manipulate the database and potentially retrieve sensitive information. An error message was triggered when the payload was injected, indicating the presence of a SQL injection vulnerability.
Rail Pass Management System's download-pass.php page is vulnerable to a time-based SQL injection through the searchdata parameter in the search function.
A buffer overflow vulnerability in TP-Link TL-WR740 router allows attackers to crash the web server by sending a specially crafted request, requiring a physical reboot to restore functionality.
Splunk version 9.0.4 is vulnerable to an information disclosure exploit. By appending /__raw/services/server/info/server-info?output_mode=json to a query, attackers can access sensitive information such as license keys.
An unauthenticated attacker can exploit Electrolink FM/DAB/TV Transmitter systems, affecting versions ranging from 10W to 30kW, leading to a remote Denial of Service (DoS) condition. By sending specially crafted requests, the attacker can disrupt the normal operation of the transmitters, potentially causing service interruptions or downtime.
The Flashcard Quiz App v1.0 is prone to SQL injection due to unsanitized user inputs directly concatenated into SQL queries. An attacker can manipulate the SQL query through the 'card' parameter in the URL, potentially leading to unauthorized actions on the database.
The Advanced Page Visit Counter plugin for WordPress version 8.0.5 is vulnerable to Stored Cross-Site Scripting (XSS) attacks. A high privilege user such as an admin can execute malicious scripts in the plugin's settings, even if the unfiltered_html capability is restricted.
Services By CQR