ColdFusion allows an unauthenticated user to connect to any LDAP server. An attacker can exploit it to achieve remote code execution. JNDI attack via the 'verifyldapserver' parameter on the utils.cfc.
An unquoted service path in Microsoft.GamingServices_2.52.13001.0_x64__8wekyb3d8bbwe, could lead to privilege escalation during the installation process that is performed when an executable file is registered. This could further lead to complete
This exploit allows an attacker to perform Cross-Site Request Forgery (CSRF) attacks on FileCloud prior to version 21.3. By uploading a specially crafted CSV file, an attacker can create a user with arbitrary credentials and gain unauthorized access to the system.
The WP User Frontend WordPress plugin before 3.5.26 does not validate and escape the status parameter before using it in a SQL statement in the Subscribers dashboard, leading to an SQL injection. Due to the lack of sanitisation and escaping, this could also lead to Reflected Cross-Site Scripting.
This exploit targets Total Video Player V1.20 and V1.30. By parsing a crafted .m3u file, a stack overflow occurs, corrupting the stack and allowing control of the EBP and EIP registers. The ESP register points to the retaddress position. A jump back and a JMP ESP are performed to gain control. This exploit has been tested on Windows XP SP2.
The Connectify Hotspot 2018 service 'ConnectifyService' has an unquoted service path, which can allow an attacker to escalate privileges by placing a malicious executable in a higher-level directory with the same name as the service.
The value of a file path which is going to be deleted is not properly and sufficiently controlled. The parameter 'rrrlgvwr_clear_file_name' can be manipulated only by authenticated users.
The TeamSpeak Application was installed with insecure file permissions. It was found that all folder and file permissions were incorrectly configured during installation. It was possible to replace the service binary.
The Kyocera Command Center RX ECOSYS M2035dn device is vulnerable to a directory traversal attack that allows an unauthenticated user to disclose sensitive files on the system. By crafting a specially crafted payload and adding a nullbyte at the end, an attacker can traverse directories and retrieve files that should not be accessible. This vulnerability can be exploited by sending a malicious GET request to the device.
The Home Owners Collection Management System (HOCMS) version 1.0 is vulnerable to remote code execution. An attacker can exploit this vulnerability by sending a specially crafted request to the SystemSettings.php file. By manipulating the 'name' parameter, an attacker can execute arbitrary code on the server. The vulnerability allows an authenticated attacker to execute system commands on the target server, potentially leading to full compromise of the system.
Services By CQR