The 'email' parameter of dawa-pharma-1.0-2022 is vulnerable to SQL injection attacks. By injecting a malicious payload that includes a sub-query calling MySQL's load_file function with a UNC file path pointing to an external domain, an attacker can execute arbitrary SQL queries. This can lead to unauthorized access to sensitive client information and server credentials.
The exploit leverages a buffer overflow vulnerability in A-PDF All to MP3 Converter version 2.0.0 to bypass Data Execution Prevention (DEP) using a ROP chain that includes HeapCreate, HeapAlloc, and a memory copy function. By crafting a malicious .wav file, an attacker can trigger the vulnerability and execute arbitrary code on the target system. This exploit was tested on Windows 7 Ultimate 6.1.7601 SP1 Build 7601 x64.
The Lost and Found Information System v1.0 is vulnerable to an Insecure Direct Object Reference (IDOR) attack, which can be exploited by an authenticated attacker to take over user accounts. By manipulating the 'id' parameter in the POST request to '/classes/Users.php?f=save', an attacker can modify user information and potentially gain unauthorized access to other user accounts. This vulnerability has been assigned CVE-2023-38965.
Easywall version 0.3.1 is vulnerable to authenticated remote command execution. By exploiting a command injection vulnerability in the 'port' parameter, an attacker can execute arbitrary commands on the target system. Successful exploitation can lead to unauthorized access and potential system compromise.
Windows Defender typically prevents execution of TrojanWin32Powessere.G, which leverages rundll32.exe, resulting in an 'Access is denied' error. A mitigation bypass was disclosed in 2022 involving mshtml reference traversal. However, using multiple commas bypasses this mitigation, allowing successful execution.
An issue in WyreStorm Apollo VX20 devices before 1.3.58 allows attackers to determine valid accounts via the TELNET service, which prompts for a password only after a valid username is entered. This can lead to brute force attacks on valid accounts.
A vulnerability exists in WyreStorm Apollo VX20 devices prior to version 1.3.58, allowing remote attackers to retrieve clear text credentials for the SoftAP Router's device configuration using an HTTP GET request. This can lead to unauthorized access to sensitive information. An attacker can exploit this issue by making an HTTP request to retrieve the credentials.
A critical SQL Injection vulnerability was found in the Bank Locker Management System application, allowing attackers to bypass authentication and gain unauthorized access.
The Human Resource Management System project in PHP and MySQL version 1.0 is vulnerable to SQL injection through the 'employeeid' parameter. By injecting malicious SQL payloads, an attacker can manipulate the database and potentially extract sensitive information. This exploit has been successfully tested on Windows 10 Pro running XAMPP V3.3.0.
SnipeIT version 6.2.1 is prone to a stored cross-site scripting (XSS) vulnerability, which could allow attackers to execute arbitrary JavaScript code. The vulnerability exists in the location endpoint.