The exploit allows an attacker to execute remote code in Numbas version 7.2 and below. By creating a malicious theme with a crafted payload, an attacker can gain unauthorized access to the system.
Ladder v0.0.21 does not properly restrict destination addresses, enabling an attacker to send GET requests to addresses that are usually inaccessible externally. This allows unauthorized access to private address ranges, local services, and cloud instance metadata APIs. The vulnerability can be exploited to extract sensitive information.
The Akaunting version less than or equal to 3.1.3 is vulnerable to Remote Code Execution. By exploiting this vulnerability, an attacker can inject and execute arbitrary commands on the target system. This vulnerability is identified as CVE-2024-22836.
The exploit allows for remote code execution on DataCube3 v1.0 through an unrestricted file upload vulnerability. By leveraging this vulnerability, an attacker can upload malicious files to the server, leading to the execution of arbitrary code. This exploit chain also includes the disclosure of sensitive information such as root password leaks. The CVEs related to this exploit are CVE-2024-25830 and CVE-2024-25832.
A buffer overflow vulnerability exists in TP-Link TL-WR740 router, allowing attackers to crash the web server by sending a specially crafted request. Rebooting the router is required to restore the web server functionality.
The elFinder web file manager version 2.1.53 is vulnerable to remote command execution. By uploading a PHP file containing a system command, an attacker can execute arbitrary commands on the server. This can lead to unauthorized access, data theft, and further exploitation of the target system. This vulnerability is tracked as CVE-2023-XXXX.
CSZ CMS Version 1.3.0 is vulnerable to remote command execution. An attacker can exploit this vulnerability by sending a specially crafted request to the target system, allowing the execution of arbitrary commands. This vulnerability has a CVE ID pending assignment.
The Lot Reservation Management System is a PHP/MySQLi project designed for managing land property reservations. It allows clients to view property information, reserve properties, and provides user-friendly functions. However, the application is vulnerable to an unauthenticated file disclosure exploit.
CVE-2023-46453 is an authentication bypass vulnerability found in GLiNet routers with firmware versions 4.x and above. This vulnerability allows unauthorized users to bypass authentication mechanisms and gain access to the router's web interface. The issue originates from inadequate authentication checks in the /usr/sbin/gl-ngx-session file, where the username is not properly sanitized before being processed by the login_test function in the lua script.
Services By CQR