The package_id parameter in Equipment Rental Script-1.0 is vulnerable to SQL injection attacks. Submitting a single-quote payload (') in the package_id parameter returns a database error message. This vulnerability allows attackers to steal sensitive information from the database.
The Rail Pass Management System's searchdata parameter in the search function is vulnerable to a time-based SQL injection attack. By sending a crafted payload, an attacker can cause the response time to increase significantly, indicating a successful injection.
A buffer overflow vulnerability exists in the TP-Link TL-WR740N router, allowing an attacker to crash the web server by sending a specially crafted request. Rebooting the router is necessary to restore the web server functionality.
Splunk version 9.0.4 is vulnerable to information disclosure where an attacker can append /__raw/services/server/info/server-info?output_mode=json to a query to access sensitive data like license keys. This can lead to unauthorized access to critical information.
Electrolink FM/DAB/TV Transmitters with web version 01.09, 01.08, and 01.07, display version 1.4 and 1.2, and control unit version 01.06, 01.04, and 01.03 are vulnerable to an unauthenticated remote Denial of Service (DoS) attack. This could allow an attacker to disrupt the broadcasting services, leading to a loss of service availability.
The Flashcard Quiz App v1.0 is vulnerable to SQL injection. This allows an attacker to manipulate the SQL query by injecting malicious SQL code into the 'card' parameter in the URL, potentially leading to unauthorized actions on the database.
The Advanced Page Visit Counter plugin for WordPress, up to version 8.0.5, is vulnerable to a Stored Cross-Site Scripting (XSS) attack. This vulnerability allows authenticated users, including administrators, to inject malicious scripts into the plugin's settings, potentially leading to the execution of arbitrary code in the context of other users' sessions.
The perl2exe tool, up to version V30.10C, allows attackers to execute arbitrary code by manipulating the 0th argument of executables created with perl2exe. By crafting the argument, malicious actors can make the executable run another compiled executable, potentially leading to code execution and escaping restricted shell environments.
Client Details System 1.0 is vulnerable to SQL Injection through the 'uemail' parameter in the '/clientdetails/' endpoint. An attacker can exploit this vulnerability to compromise the application, access or manipulate data, or leverage other vulnerabilities in the database.
The Curfew e-Pass Management System 1.0 is vulnerable to SQL Injection in the 'FromDate' parameter. By manipulating the 'FromDate' parameter, an attacker can execute arbitrary SQL queries, potentially leading to unauthorized access to the database. This vulnerability has been tested on Windows 10/Wamp.