The Configuration Tool version 1.6.53 is vulnerable to an unquoted service path vulnerability. The 'OpLclSrv' service has an unquoted service path, which can allow an attacker to escalate privileges and execute arbitrary code with elevated privileges.
The exploit allows an attacker to bypass authentication in CatDV version 9.2 and lower. By manipulating the getValidSession() function, the attacker can generate a valid session and gain unauthorized access to the server. This vulnerability can be exploited remotely through the RMI protocol.
The Online Ordering System 1.0 is vulnerable to blind SQL injection. An attacker can exploit this vulnerability by injecting malicious SQL queries into the 'id' parameter of the design.php page. By manipulating the SQL queries, an attacker can extract sensitive information from the database or perform unauthorized actions.
This exploit module allows execution of OS commands in zencart.
This exploit causes a denial of service in Product Key Explorer 4.2.7 by creating a payload.txt file with a buffer of 'A' characters.
The LogonExpert 8.1 software installed on Windows 7 Service Pack 1 x64 is vulnerable to an unquoted service path vulnerability. The LogonExpertSvc service has an unquoted service path, which can allow an attacker to escalate privileges and execute arbitrary code with elevated privileges. The vulnerability exists due to the service path not being enclosed in double quotes. By placing a malicious executable in a specific location, an attacker can take advantage of the unquoted service path vulnerability to execute arbitrary code during the service startup. This can lead to a complete compromise of the affected system.
This exploit allows an attacker to execute arbitrary commands on a target system running HFS (HTTP File Server) version 2.3.x. The vulnerability exists due to improper handling of user input, which allows an attacker to inject malicious commands. By exploiting this vulnerability, an attacker can gain unauthorized access and execute commands with the privileges of the HFS application.
The 'last_name' parameter in Monica 2.19.1 is vulnerable to stored cross-site scripting (XSS) attacks. An attacker can inject malicious script code into the 'last_name' field, which will be executed when the user views the affected page.
This application is vulnerable to SQL injection vulnerability. The exploit allows bypassing authentication by injecting SQL payload in the 'email' field. By using the payload ' or 'x'='x in the email and password fields, the attacker can directly enter into the Admin Panel page.
This application is vulnerable to Stored XSS vulnerability. The vulnerable script is http://localhost/peel-shopping_9_3_0/achat/achat_maintenant.php and the vulnerable parameter is 'Comments / Special Instructions :'. The payload used for exploitation is jaVasCript:/*-/*`/*`/*'/*"/**/(/* */oNcliCk=alert())//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>x3csVg/<sVg/oNloAd=alert()//>x3e
Services By CQR