The exploit triggers multiple memory corruption vectors in DHCP parsing of TP-Link VN020 F3v(T) TT_V6.2.1021 routers. It involves a stack overflow through an oversized hostname (127 bytes), parser confusion via malformed length fields, and a vendor-specific option parsing edge case. By sending a crafted DHCP DISCOVER packet, the attacker overflows the hostname buffer and corrupts length fields in DHCP options, leading to a service crash.
The exploit allows for remote code execution in Centreon 19.04 through a login password brute-force attack using the centbruteon.py script. By sending specially crafted requests to the Centreon API authentication endpoint, an attacker can execute arbitrary code on the target system.
The Ancillary Function Driver for WinSock in Microsoft Windows 11 Pro 23H2 allows local users to gain privileges via a crafted application, leading to privilege escalation. This vulnerability is identified as CVE-2024-38193.
SQL injection vulnerability in JUX Real Estate 3.4.0 allows attackers to access sensitive data, modify data, and potentially disrupt the application, resulting in financial losses and reputational damage to the organization.
The exploit involves performing SQL injection in Feng Office version 3.11.1.2 by manipulating the 'dim' parameter value in the HTTP GET request. By using tools like SQLMap, an attacker can automate the injection process to access or manipulate the database.
CyberPanel versions 2.3.6 and earlier allow remote attackers to execute arbitrary code via a crafted request to specific endpoints, leading to command injection. This vulnerability has been assigned CVE-2024-51378.
Apache HugeGraph Server versions 1.2.0 and prior are vulnerable to remote code execution. By sending a crafted payload to the server, an attacker can execute arbitrary code on the target system.
Xinet Elegant 6 Asset Library version 6.1.655 is vulnerable to pre-auth SQL injection. An attacker can exploit this vulnerability to dump tables, usernames, and passwords by manipulating the 'LoginForm[username]' parameter.
The exploit allows remote attackers to execute arbitrary code on the target system by uploading a malicious payload to a specific URL and triggering it through a crafted request. This vulnerability is identified as CVE-2025-24813 and affects Apache Tomcat versions prior to 11.0.3, 10.1.35, and 9.0.98.
ProConf versions before 6.1 contain an Insecure Direct Object Reference (IDOR) vulnerability. It allows any author to access and retrieve all submitted papers, including titles, abstracts, and personal information of authors (such as Name, Email, Organization, and Position), by manipulating the Paper ID parameter.