The Free IP Switcher version 3.1 is vulnerable to a denial of service (DoS) attack. By sending a specially crafted payload, an attacker can cause the application to crash, resulting in a denial of service condition. This proof of concept (PoC) exploit triggers the crash by opening the Free IP Switcher application and performing specific actions, including pasting malicious content from a clipboard.
This exploit allows an attacker to remotely cause a denial of service (DoS) and freeze the system of AirMore version 1.6.1. By sending a specially crafted request to the server, the attacker can trigger a DoS condition and cause the system to freeze.
A registered user can change his/her name and read all other's private messages. Multiple SQL injection vulnerabilities found in nc_top.asp, inc_bookmarks.asp, inc_profile_functions.asp, and inc_SUBSCRIPTIONS.asp.
exacqVision ESM 5.12.2 suffers from Privilege Escalation due to insecure file permissions. By default, the Authenticated Users group has the modify permission to ESM folders/files, allowing a low privilege account to rename the enterprisesystemmanager.exe file and replace it with a malicious file that can give system level privileges. Restarting the computer triggers the execution of the malicious file.
Bcoos is a CMS coming from the cores of E-Xoops. The vulnerabilities include Local File Inclusion (Remote Code Execution). The code snippets provided show the areas of the code where the vulnerabilities exist.
The PiLuS 1.4.1 version of the web application PilusCart is vulnerable to SQL injection. By modifying the 'send' parameter in the POST request, an attacker can inject SQL code and manipulate the database.
The Rukovoditel Project Management CRM 2.4.1 version is vulnerable to a DOM based XSS vulnerability. By manipulating the URL and injecting malicious code, an attacker can execute arbitrary scripts in the victim's browser.
This exploit bypasses access control checks to use a restricted API function (POST /v2/create-user) of the local snapd service. This queries the Ubuntu SSO for a username and public SSH key of a provided email address, and then creates a local user based on these values.
This vulnerability allows an attacker to include a remote file in the com_juser component of Joomla version 1.0.14. By exploiting this vulnerability, an attacker can execute malicious code on the target system.
There is a race condition between the direct reclaim path and the munmap() syscall in the binder subsystem. The munmap() syscall enters binder through the binder_vm_ops close handler, while the direct reclaim path enters binder through the binder_shrinker. This race condition can lead to potential vulnerabilities.
Services By CQR