CVE-2023-46453 is an authentication bypass vulnerability in GLiNet routers with firmware versions 4.x and above. By exploiting this vulnerability, an attacker can bypass authentication mechanisms and access the router's web interface. The issue arises from improper authentication checks in the /usr/sbin/gl-ngx-session file.
A stored cross-site scripting (XSS) vulnerability in Petrol Pump Management Software v1.0 allows attackers to execute malicious code by injecting a crafted payload into the Address parameter of the add_invoices.php component.
An SQL injection vulnerability in WP Fastest Cache 1.2.2 allows an unauthenticated attacker to execute SQL queries on the system.
This is a proof-of-concept scenario demonstrating a host header injection vulnerability in sisqualWFM version 7.1.319.103, specifically at the /sisqualIdentityServer/core endpoint. Exploiting this flaw could allow an attacker to manipulate webpage links or redirect users to malicious sites by altering the Host header.
Electrolink FM/DAB/TV Transmitter devices are prone to a credentials disclosure vulnerability. Attackers can access sensitive information such as login credentials by directly visiting certain web pages like login.htm and mail.htm on the affected devices.
The vulnerability exists in ManageEngine ADManager Plus builds earlier than 7183 and allows helpdesk technicians without backup/recovery privileges to view and compromise user account passwords through password spraying attacks in Active Directory.
The Blood Donor Management System v2.2 is vulnerable to stored XSS. By modifying certain input fields like 'Adress', 'Email id', or 'Contact Number' with a crafted payload, an attacker can trigger XSS when the affected page is loaded.
The WordPress Plugin Admin Bar & Dashboard Access Control version 1.2.8 is vulnerable to stored cross-site scripting (XSS) due to improper input validation in the 'Dashboard Redirect' field. An attacker can store malicious scripts in this field, leading to the execution of arbitrary JavaScript code when triggered.
The exploit allows an attacker to perform a blind SQL injection attack on JFrog Artifactory versions prior to 7.25.4. By sending crafted requests to the '/ui/api/v1/global-search/bundles/received' endpoint, an attacker can extract sensitive information from the database. This vulnerability is identified as CVE-2021-3860.
SQL injection attacks can lead to unauthorized access to sensitive data, data modification, application crashes, and service unavailability, resulting in financial losses and reputation damage.