The 'cid' parameter in Fundraising Script-1.0 is vulnerable to SQL injection attacks. By submitting the payload ' as the cid parameter, a database error message was returned. If the database is not empty, this vulnerability could lead to unauthorized access to sensitive information such as donor's money and bank account details.
A file upload vulnerability in Petrol Pump Management Software v1.0 allows an attacker to run arbitrary code by uploading a specially crafted payload to the 'Image' parameter in the 'profile.php' component.
WhatsUp Gold 2022 (22.1.0 Build 39) is vulnerable to stored cross-site scripting (XSS) via the sysName SNMP parameter. An attacker can inject malicious scripts into the admin console by crafting a specially crafted SNMP device name, leading to code execution in the context of the admin user. This could result in data theft or unauthorized actions. The exploit involves adding a Powershell reverse shell that connects to the attacker every 5 minutes.
The Simple Student Attendance System v1.0 is vulnerable to 'classid' Time Based Blind and Union Based SQL Injection. An attacker can manipulate the 'classid' parameter to execute arbitrary SQL queries.
The PCMan FTP Server 2.0 is vulnerable to a remote buffer overflow exploit in the 'pwd' command. By sending a specially crafted payload, an attacker can trigger a buffer overflow, potentially leading to remote code execution. This vulnerability has a CVE ID associated with it, but the specific ID is not provided in the text.
IBM i Access Client Solutions (ACS) is vulnerable to remote credential theft when NT LAN Manager (NTLM) is enabled on Windows workstations. By creating UNC paths within ACS configuration files pointing to a malicious server, attackers can capture NTLM hash information and obtain user credentials.
A severe vulnerability has been found in the directory '/wordpress/wp-content/backups-dup-lite/tmp/' of WordPress Plugin Duplicator version 1.5.7.1. This vulnerability discloses significant information about the site's configuration, directories, files, and provides unauthorized access to sensitive database data, leading to potential brute force attacks on password hashes and system compromise.
The TP-LINK TL-WR740N router version 3.12.11 Build 110915 Rel.40896n is vulnerable to multiple HTML injection issues. By inserting HTML code like <h1>Hello<h1> into the Target Description box under Access control settings, an attacker can inject arbitrary HTML code into the webpage.
Electrolink FM/DAB/TV Transmitter devices with web version 01.09, 01.08, 01.07, display version 1.4, 1.2, control unit version 01.06, 01.04, 01.03, and firmware version 2.1 are vulnerable to a pre-authentication MPFS image remote code execution. An attacker could exploit this vulnerability to execute arbitrary code on the affected system.
The GL.iNet firmware version 4.3.7 is vulnerable to remote code execution via the OpenVPN client. An attacker can exploit this vulnerability to execute arbitrary commands on the target system. This vulnerability has been assigned CVE-2023-46454.
Services By CQR