The Toshiba Surveillance (Surveillix) RecordSend Class (MeIpCamX.DLL 1.0.0.4) is vulnerable to a remote buffer overflow exploit in IE7/xpsp2. This vulnerability can be exploited by an attacker to execute arbitrary code or crash the affected system.
This module exploits an authenticated directory traversal vulnerability in WordPress plugin 'Simple JobBoard ' < 2.9.3, allowing arbitrary file read with the web server privileges.
This exploit allows an authenticated user to upload a malicious file and execute arbitrary code on the target system.
Vulnerable to Cross-site request forgery (CSRF), can lead to full account takeover of Administrator account.
The exploit allows an attacker to bypass the authentication mechanism in the Online Movie Streaming 1.0 application. By manipulating the login form parameters, an attacker can gain administrative access to the application.
PortableKanBan stores credentials in an encrypted format. Reverse engineering the executable allows an attacker to extract credentials from local storage. Provide this program with the path to a valid PortableKanban.pk3 file and it will extract the decoded credentials.
The Cemetry Mapping and Information System 1.0 is affected by multiple stored cross-site scripting vulnerabilities. The vulnerabilities allow an attacker to inject malicious scripts into the 'Full Name' and 'Location' parameters, potentially leading to the execution of arbitrary code or the theft of sensitive information.
This module exploits an arbitrary file upload in the WordPress wpDiscuz plugin version 7.0.4. This flaw gave unauthenticated attackers the ability to upload arbitrary files, including PHP files, and achieve remote code execution on a vulnerable siteβs server.
The exploit allows an attacker to inject malicious script code into the 'First Name', 'Last Name', and 'Address' fields during the profile update process. This results in the execution of the payload each time a new page is visited or the profile is updated.
The parameter 'email' in ECSIMAGING PACS Application 6.21.5 and below is vulnerable to SQL injection. The 'selected_db' parameter can be leaked in the parameters.
Services By CQR