This exploit allows an attacker to perform a path traversal attack on MinIO versions up to (excluding) 2022-07-29T19-40-48Z. By manipulating the updateURL parameter, an attacker can access sensitive files such as /etc/passwd.
The media function suffers from a file upload vulnerability. The attacker can upload and execute PHP files remotely, potentially leading to malicious activities on the server.
The application suffers from insecure access control that allows an unauthenticated attacker to change account passwords and bypass authentication, gaining panel control access.
An unauthenticated attacker can retrieve the controller's configuration backup file and extract sensitive information that can allow them to bypass security controls and penetrate the system in its entirety.
This exploit allows an attacker to cause a denial of service on the OpenPLC WebServer by sending a specially crafted request. By exploiting this vulnerability, an attacker can disrupt the normal functioning of the WebServer and potentially impact the availability of the OpenPLC system.
The Crypto Currency Tracker (CCT) version 9.5 allows unauthenticated users to create an admin account by sending a specially crafted POST request to the /en/user/register endpoint. This vulnerability can be exploited by an attacker to gain unauthorized administrative access to the application.
The location_id parameter in Shuttle-Booking-Software v1.0 is vulnerable to SQL injection attacks. By submitting a single quote or two single quotes in the location_id parameter, an attacker can trigger a database error message or retrieve information from the database.
The Atcom 2.7.x.x web interface is vulnerable to command injection. An authenticated attacker can execute arbitrary commands by sending a specially crafted request to the web_cgi_main.cgi script.
The Online ID Generator 1.0 is vulnerable to remote code execution. It allows an attacker to bypass login using SQL injection and upload a malicious shell to execute arbitrary code on the server. By accessing the uploaded shell via a remote browser, the attacker can achieve remote code execution.
This exploit allows an attacker to create an unauthenticated instructor account in the MasterStudy LMS WordPress plugin version 3.0.17 or below. By exploiting this vulnerability, an attacker can gain unauthorized access and perform various actions on the LMS system.