The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.
FaceSentry suffers from an authenticated OS command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user via the 'strInIP' and 'strInPort' parameters (POST) in pingTest and tcpPortTest PHP scripts.
The vulnerability allows an attacker to see the admin user and MD5 password, which can be cracked.
An attacker can obtain the target's information by visiting the URL http://[target]/[flat_php_board_path]/users/[target_username].php. The information exposed includes the target's username, password, and email. Additionally, when registering a new account, Flat PHP Board does not correctly filter the fields (Username, Password, Email), allowing an attacker to execute malicious code on the vulnerable server. The attacker can exploit this by accessing the URL http://[target]/[flat_php_board_path]/31337.php.
This module exploits a vulnerability within the 'ghelp', 'help' and 'man' URI handlers within Linux Mint's 'ubuntu-system-adjustments' package. Invoking any one of the URI handlers will call the Python script '/usr/local/bin/yelp' with the contents of the supplied URI handler as its argument. The script will then search for the strings 'gnome-help' or 'ubuntu-help', and if it doesn't find either of them, it'll then execute os.system('/usr/bin/yelp %s' % args). User interaction is required to exploit this vulnerability.
This vulnerability allows an attacker to disclose files on the target system by exploiting the download_file.php script in PolDoc CMS version 0.96. By manipulating the 'filename' parameter in the URL, an attacker can traverse directories and access sensitive files, such as the /etc/passwd file.
This is a stack overflow vulnerability in Nullsoft Winamp MP4 tags. It allows remote attackers to execute arbitrary code via a crafted MP4 file, leading to a shell on port 49152. The vulnerability is specific to Nullsoft Winamp version 5.32.
The Windows Font Cache Service exposes section objects insecurely to low privileged users resulting in EoP. The service opens a handle to the calling process and duplicates the section handle into the caller without providing SECTION_MAP_WRITE access. However, the section objects are created without a name or security descriptor, allowing the caller to call DuplicateHandle again to get back write access on the section handle and modify the contents.
The GSearch application version 1.0.1.0 is vulnerable to a denial of service attack. By providing a specially crafted payload to the application, an attacker can cause the application to crash. This can be achieved by copying the payload text from the generated PoC.txt file, pasting it into the search bar of the application, and then clicking on any link.
This vulnerability allows an attacker to inject malicious scripts into a website, which are then stored and executed when the targeted user accesses the affected page. In this case, the vulnerability is present in the 'out/out.UsrMgr.php' file in SeedDMS versions prior to 5.1.11. By modifying user details and inserting a script, an attacker can execute arbitrary code on the victim's browser.