The application is vulnerable to improper access control that allows an authenticated operator to disclose SHA1 password hashes (client-side) of other users/operators.
The application has an update password feature which has a CSRF vulnerability that allows an attacker to change the password of any arbitrary user leading to an account takeover.
The 'Service SbieSvc' in Sandboxie-Plus version 5.50.2 has an unquoted service path vulnerability. This allows an attacker with local access to escalate privileges by placing a malicious executable with the same name in a higher-priority directory.
The WOW21_Service in WOW21 version 5.0.1.9 on Windows 10 Pro x64 allows local users to gain elevated privileges via an unquoted service path.
This is a proof-of-concept exploit for the Dirty Pipe vulnerability (CVE-2022-0847) in the Linux Kernel. The vulnerability is caused by an uninitialized 'pipe_buffer.flags' variable, allowing an attacker to overwrite file contents in the page cache even if the file is not permitted to be written, immutable, or on a read-only mount. The exploit requires Linux 5.8 or later and has certain limitations, such as the offset not being on a page boundary and the write not crossing a page boundary.
A successful attempt would require the local user to be able to insert their code in the system root path undetected by the OS or other security applications where it could potentially be executed during application startup or reboot. If successful, the local user's code would execute with the elevated privileges of the application.
This exploit is a proof of concept for a Denial of Service (DoS) vulnerability in Cobian Backup 11 Gravity version 11.2.0.582. By providing a large string as the password, the application crashes, causing a denial of service.
This exploit allows an attacker to execute arbitrary code on a system running SapLPD 6.28 on Windows XP SP2. The exploit works by sending a specially crafted request to the vulnerable server, which triggers a buffer overflow and allows the attacker to control the execution flow of the program.
The Cobian Reflector 0.9.93 RC1 software is vulnerable to a denial of service (DoS) attack. By providing a large amount of data as the password input, an attacker can crash the application, causing it to become unresponsive and potentially disrupting normal operation.
The WebHMI 4.1 application is vulnerable to stored cross-site scripting (XSS) attacks. An authenticated attacker can inject malicious scripts into the Title field of a new register or a created dashboard, which will be executed when viewed by other logged-in users.
Services By CQR