The osCommerce 2.3.4.1 web application is vulnerable to SQL injection. By replacing the 'products_id' value in the URL with a high number and adding a specific payload, an attacker can execute arbitrary SQL queries.
The osCommerce 2.3.4.1 web application is vulnerable to SQL injection. By manipulating the 'currency' parameter in the shopping_cart.php URL, an attacker can inject malicious SQL code and retrieve sensitive information from the database.
This exploit allows an attacker to perform a CSRF attack on the Zyxel VMG3312-B10B DSL-491HNU-B1B v2 modem. The attacker can trick the victim into submitting a malicious request that performs unauthorized actions on the modem.
The River_Past_Audio_Converter software is vulnerable to a Denial of Service (DoS) attack. By providing a specially crafted input, an attacker can cause the software to crash. This can be achieved by running a Python script that generates a payload of 3000 bytes and pasting it into the 'E-Mail and Activation Code' field of the software. This vulnerability allows an attacker to disrupt the normal functioning of the software.
The permanent XSS vulnerability allows an attacker to insert XSS code in the message of the vedipm module and the live_chat module. The local file inclusion vulnerability allows an attacker to include any file present on the server by manipulating the 'module' parameter in the index.php file. A CSRF vulnerability is also present.
The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious website.
The pfSense software version 2.4.4-p1 is vulnerable to multiple instances of cross-site scripting (XSS) attacks. These attacks can be reflected or stored. The first reflected XSS vulnerability is found in the 'webguiproto' parameter of the 'system_advanced_admin.php' page. The second reflected XSS vulnerability is found in the 'wan' parameter of the 'interfaces_assign.php' page. The first stored XSS vulnerability is found in the 'dscp' parameter of the 'firewall_rules_edit.php' page with the 'if=FloatingRules' parameter. The second stored XSS vulnerability is found in the 'tag' parameter of the 'firewall_rules_edit.php' page with the 'if=FloatingRules' parameter.
This exploit allows an attacker to cause a denial of service (DoS) by sending a specially crafted payload to the SpotAuditor software. By copying the content of SpotAuditor_Crash.txt and pasting it into the 'Base64 Encrypted Password' textbox in the 'Base64 Password Decoder' tool, the software crashes.
The River Past Ringtone Converter v2.7.6.1601 software is vulnerable to a denial of service attack. By providing a specially crafted input, an attacker can cause the software to crash, resulting in a denial of service condition.
This exploit allows an attacker to execute arbitrary SQL queries in the SuiteCRM 7.10.7 application by manipulating the 'record' parameter in the URL.