Exploits - exploit.company

Remote Command Execution in Aurba 501

An exploit that allows an attacker to remotely execute commands on an Aurba 501 device. By manipulating the 'ping_ip' parameter in a POST request, an attacker can inject arbitrary commands, leading to unauthorized access.

6.1

CVSS

HIGH

Remote Command Execution

Affected Version

CMDBuild 3.3.2 – ‘Multiple’ Cross Site Scripting (XSS)

Multiple stored cross-site scripting (XSS) vulnerabilities in Tecnoteca CMDBuild 3.3.1 allow remote attackers to inject arbitrary web script or HTML via a crafted SVG document. The attack vectors include Add Attachment, Add Office, and Add Employee. Almost all add sections.

8.8

CVSS

HIGH

Cross Site Scripting (XSS)

Affected Version

PHP Laravel 8.70.1 – Cross Site Scripting (XSS) to Cross Site Request Forgery (CSRF)

We can bypass laravel image file upload functionality to upload arbitary files on the web server which let us run arbitary javascript and bypass the csrf token.

8.8

CVSS

HIGH

Cross Site Scripting (XSS) to Cross Site Request Forgery (CSRF)

Affected Version

WordPress Plugin Stop Spammers 2021.8 – ‘log’ Reflected Cross-site Scripting (XSS)

Reflected cross-site scripting (XSS) vulnerabilities in 'Stop Spammers <= 2021.8' allow remote attackers to run arbitary javascript by entering a malicious payload in the username field.

6.1

CVSS

MEDIUM

Reflected Cross-site Scripting (XSS)

Affected Version

openMAINT openMAINT 2.1-3.3-b – ‘Multiple’ Persistent Cross-Site Scripting

Multiple stored cross-site scripting (XSS) vulnerabilities in openMAINT 2.1-3.3-b allow remote attackers to inject arbitrary web script or HTML via any 'Add' sections, such as Add Card Building & Floor, or others in the Name And Code Parameters.

6.1

CVSS

MEDIUM

Persistent Cross-Site Scripting

Affected Version