This exploit allows an attacker to cause a denial of service on the OpenPLC WebServer by sending a specially crafted request. By exploiting this vulnerability, an attacker can disrupt the normal functioning of the WebServer and potentially impact the availability of the OpenPLC system.
The Crypto Currency Tracker (CCT) version 9.5 allows unauthenticated users to create an admin account by sending a specially crafted POST request to the /en/user/register endpoint. This vulnerability can be exploited by an attacker to gain unauthorized administrative access to the application.
The location_id parameter in Shuttle-Booking-Software v1.0 is vulnerable to SQL injection attacks. By submitting a single quote or two single quotes in the location_id parameter, an attacker can trigger a database error message or retrieve information from the database.
The Atcom 2.7.x.x web interface is vulnerable to command injection. An authenticated attacker can execute arbitrary commands by sending a specially crafted request to the web_cgi_main.cgi script.
The Online ID Generator 1.0 is vulnerable to remote code execution. It allows an attacker to bypass login using SQL injection and upload a malicious shell to execute arbitrary code on the server. By accessing the uploaded shell via a remote browser, the attacker can achieve remote code execution.
This exploit allows an attacker to create an unauthenticated instructor account in the Masterstudy LMS Wordpress plugin version 3.0.17 or below. By exploiting this vulnerability, an attacker can gain unauthorized access and perform various actions on the LMS system.
In Cacti 1.2.24, under certain conditions, an authenticated privileged user can use a malicious string in the SNMP options of a Device, performing command injection and obtaining remote code execution on the underlying server.
This exploit allows an attacker to remotely execute code on the OpenPLC_v3 WebServer. The vulnerability occurs when the web server fails to properly handle user authentication, allowing an attacker to bypass authentication and gain unauthorized access to the server. By exploiting this vulnerability, an attacker can perform various malicious activities, including uploading and executing arbitrary code on the target system.
This exploit allows an attacker to execute arbitrary JavaScript code in the context of a user's browser by injecting a malicious payload into the comment section of a published page in the Wordpress Sonaar Music Plugin 4.7. The payload used in this example is <script>alert("XSS")</script>.
The media function in WEBIGniter v28.7.23 is vulnerable to file upload, allowing an attacker to upload and execute PHP files remotely. This can lead to malicious activities on the server.
Services By CQR