Explore Vulnerabilities

Explore all Exploits:

WhatsUpGold 22.1.0 – Stored Cross-Site Scripting (XSS)

WhatsUp Gold 2022 (v.22.1.0 Build 39) is susceptible to a stored cross-site scripting (XSS) attack via the sysName SNMP parameter. An attacker can insert malicious scripts into the admin console by manipulating the SNMP device name. Once saved, the injected code executes in the admin user's context, potentially leading to data theft or unauthorized activities. This exploit can create a PowerShell reverse shell that connects to the attacker at intervals.

WhatsUpGold 22.1.0 – Stored Cross-Site Scripting (XSS)

WhatsUp Gold 2022 (22.1.0 Build 39) is vulnerable to stored cross-site scripting (XSS) via the sysName SNMP parameter. An attacker can inject malicious scripts into the admin console by supplying a specially crafted SNMP device name, leading to code execution in the context of the admin user. This could result in data theft or unauthorized actions. The exploit involves adding a PowerShell reverse shell that connects to the attacker every 5 minutes.

TitanFTP 2.0.1.2102 – Path traversal to Remote Code Execution (RCE)

TitanFTP is vulnerable to path traversal, which can be exploited to gain remote code execution. An attacker can send a specially crafted request to the vulnerable server to traverse the file system and execute arbitrary code.

Recent Exploits: