Lot Reservation Management System is a PHP/MySQLi project designed for managing property reservations. The system lacks proper authentication, allowing unauthenticated users to upload malicious files and execute remote code on the server. This could lead to unauthorized access, data breaches, and system compromise.
Multiple SQL injection vulnerabilities were found in Customer Support System 1.0, allowing authenticated attackers to execute arbitrary SQL commands via the parameters department_id, customer_id, and subject. An example payload could be '+(select*from(select(sleep(20)))a)+'
The vulnerability in Atemio AM 520 HD Full HD satellite receiver with firmware <=2.01 allows an unauthorized attacker to execute system commands with elevated privileges. By using the 'getcommand' query, the attacker can achieve root access.
The vulnerability in Windows PowerShell allows the execution of arbitrary code by combining the semicolon ";" and ampersand "&" characters to bypass the single quote limitation in filenames. This can lead to event log failures and code execution. By using specially crafted filenames, an attacker can trigger malicious code execution. This issue affects PowerShell API calls and module commands.
An attacker can send crafted HEX values to the GATT Charactristic handle '0x0012' on the Maxima Max Pro Power watch to perform unauthorized actions like changing Time display format, updating Time, and notifications. The lack of integrity checks allows the attacker to sniff values from one smartwatch and replay them on another, leading to unauthorized actions.
A Cross Site Scripting vulnerability was found in Petrol Pump Management Software v.1.0. This vulnerability allows an attacker to execute malicious code by uploading a specially crafted SVG file to the 'image' parameter in the profile.php component. By exploiting this vulnerability, an attacker can conduct various attacks such as stealing sensitive data, session hijacking, or defacing the website.
The AC Repair and Services System v1.0 is prone to multiple SQL injection vulnerabilities. An attacker can exploit these issues by manipulating the 'id' parameter in the 'manage_user.php' and 'Master.php' files, allowing unauthorized access to the database. This can lead to data leakage, modification, or deletion. This vulnerability has been tested using sqlmap tool.
A file upload vulnerability in Petrol Pump Management Software v1.0 allows attackers to run arbitrary code by uploading a malicious payload to the 'Image' parameter in the 'profile.php' component.
The Simple Student Attendance System v1.0 is vulnerable to 'classid' Time Based Blind & Union Based SQL Injection. By injecting malicious SQL queries into the 'classid' parameter, an attacker can manipulate the database, retrieve sensitive information, and potentially take control of the system. This vulnerability has a CVE ID pending assignment.
The GL.iNet firmware version 4.3.7 is vulnerable to remote code execution via the OpenVPN client. An attacker can exploit this vulnerability to execute arbitrary code on the target system. This vulnerability has been assigned the CVE-2023-46454.
Services By CQR