In all versions below 2.1.8 of the Joomla plugin SexyPolling, an unauthenticated attacker can execute arbitrary SQL commands by sending crafted POST parameters to poll.php.
A stored cross-site scripting (XSS) vulnerability in PHProjekt PhpSimplyGest v1.3.0 (and related products from the same vendor, such as "MyProjects") allows an attacker to execute arbitrary web scripts or HTML. Persistent JavaScript code injected inside the title description (or content) while creating a project, todo, timecard, estimates, report or finding is triggered once the page loads.
The application suffers from an authenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the 'pingAddr' and 'traceAddr' HTTP POST parameters in the formPing, formPing6, formTracert and formTracert6 interfaces.
The latest version of Wondershare Dr. Fone as of 2021-12-06 is vulnerable to Incorrect Access Control. A normal user can send manually crafted packets to ElevationService.exe and execute arbitrary code with SYSTEM privileges without any validation.
Cyclos 4 PRO 4.14.7 and earlier does not validate user input at error inform, which allows a remote unauthenticated attacker to execute JavaScript code via an undefined enum.
Prime95 Version 30.7 build 9 Buffer Overflow RCE. The exploit allows an attacker to execute code remotely.
To properly exploit this vulnerability, the local attacker must insert an executable file in the path of the service. Upon service restart or system reboot, the malicious code will be run with elevated privileges.
This exploit allows an attacker to perform blind SQL injection attacks on the WebTareas 2.4 application. By exploiting the vulnerability, an attacker can extract login credentials and passwords from the application's database.
The application suffers from a cleartext transmission/storage of sensitive information in a Cookie. This allows a remote attacker to intercept the HTTP Cookie authentication credentials through a man-in-the-middle attack.
The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.