
Explore Vulnerabilities


Explore all Exploits:

ELSE IF CMS Multiple vulnerabilities

ELSE IF CMS has multiple vulnerabilities: remote file inclusion, remote file upload, XSS, full path disclosure, and shell upload. These can be exploited to inject malicious files, upload files remotely, execute cross-site scripting attacks, disclose full file paths, and upload a shell.

DHCP Client Command Injection (DynoRoot)

This module exploits the DynoRoot vulnerability, a flaw in how the NetworkManager integration script included in the DHCP client in Red Hat Enterprise Linux 6 and 7, and in Fedora 28 and earlier, processes DHCP options. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems that use NetworkManager and are configured to obtain network configuration using the DHCP protocol.

Canon PrintMe EFI – Cross-Site Scripting

The Canon PrintMe EFI application fails to properly sanitize user input, resulting in a cross-site scripting (XSS) vulnerability. An attacker can inject malicious code into the application and execute arbitrary JavaScript in the context of the victim's browser.

Pegasus Imaging ImagXpress 8.0 Remote Arbitrary File Overwrite

This component contains an insecure 'CompactFile()' method that overwrites arbitrary files on the user's PC. When an existing file is passed as the first parameter and a desired file as the second parameter, the desired file is overwritten.

Joomla! Component EkRishta 2.10 – ‘username’ SQL Injection

The Joomla! Component EkRishta 2.10 is vulnerable to a SQL Injection attack. The 'username' parameter is not properly sanitized, allowing an attacker to inject SQL code into the query. This can lead to unauthorized access, data manipulation, or other malicious activities.
