Explore Vulnerabilities

Explore all Exploits:

WyreStorm Apollo VX20 Incorrect Access Control Credentials Disclosure

An issue in WyreStorm Apollo VX20 devices before version 1.3.58 allows remote attackers to access cleartext credentials for the SoftAP Router configuration using an HTTP GET request, leading to unauthorized disclosure of sensitive information.

Bank Locker Management System – SQL Injection

A critical SQL Injection vulnerability was found in the Bank Locker Management System application, allowing an attacker to bypass authentication and gain unauthorized access to the system. By injecting 'admin' or '1'='1-- -' in the login and password fields, an attacker can access the application with administrative privileges.

Human Resource Management System – SQL Injection

The Human Resource Management System version 1.0 is vulnerable to SQL Injection through the 'employeeid' parameter. By using crafted payloads like 'employeeid=2' AND 9667=9667-- NFMg', an attacker can manipulate the SQL queries to extract sensitive information from the database. Successful exploitation allows unauthorized access to the database.

Metabase 0.46.6 – Pre-Auth Remote Code Execution

The exploit allows an attacker to remotely execute code on the vulnerable server without authentication. This vulnerability has been assigned CVE-2023-38646. An attacker can send a malicious GET request to the '/exploitable' path, leading to the execution of arbitrary code.

VIMESA VHF/FM Transmitter Blue Plus 9.7.1 (doreboot) Remote Denial Of Service

The VIMESA VHF/FM Transmitter Blue Plus 9.7.1 is vulnerable to a Denial of Service (DoS) attack. By sending an unauthorized HTTP GET request to the unprotected endpoint 'doreboot', an unauthenticated attacker can restart the transmitter operations, causing a denial of service.

Blood Bank v1.0 SQL Injection Vulnerability

The vulnerability exists in Blood Bank v1.0 due to insufficient input validation on the 'hemail' and 'hpassword' parameters. This allows attackers to execute SQL injection attacks, bypass authentication, and gain unauthorized access to the database. The affected file is /hospitalLogin.php.

Zyxel Firmware Multiple Input Validation Vulnerability

The exploit targets Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, and several other firmware versions. An authenticated attacker could exploit the improper input validation flaws in some CLI commands to cause a buffer overflow or system crash with a crafted payload.

Recent Exploits: