A stored cross-site scripting vulnerability exists in the Responsive E-Learning System 1.0, which allows an attacker to inject malicious JavaScript code into the application. By exploiting this vulnerability, an attacker can gain access to the application and execute malicious code on the victim's browser.
A vulnerability exists in the WordPress Booking Calendar plugin version 4.1.4, which allows an attacker to perform Cross-Site Request Forgery (CSRF) attacks. An attacker can add or delete bookings by sending a malicious POST request to the vulnerable application. The POST request contains the action to be performed, such as 'INSERT_INTO_TABLE' or 'DELETE_BY_ID', and the parameters required for the action.
Mulesoft ESB Runtime 3.5.1 allows any arbitrary authenticated user to create an administrator user due to a lack of permissions check in the handler/securityService.rpc endpoint. The following HTTP request can be made by any authenticated user, even those with a single role of Monitor. This request will create an administrator with all roles with a username of notadmin and a password of notpassword. Many vectors of remote code execution are available to an administrator. Not only can an administrator deploy WAR applications, they can also evaluate arbitrary groovy scripts via the web interface.
This proof of concept demonstrates that the admin password can be changed by an attacker in a CSRF attack. However, it seems like any setting in the device can be manipulated using an attack like this. The device does not ask for the current password.
This exploit allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted S3M or IT file.
This module allows an authenticated administrator to export language settings into a PHP script which is intended to be reuploaded later to restore language settings. This feature can be abused to run arbitrary PHP code remotely on the ISPConfig server. The vulnerability was discovered by Brandon Perry.
The 'tcpdump' utility is prone to an integer-underflow vulnerability because it fails to bounds-check user-supplied input before copying it into an insufficiently sized memory buffer.An attacker can exploit this issue to execute arbitrary malicious code in the context of the user running the affected application. Failed exploit attempts will likely crash the affected application.
Orion Application Server is prone to a command-injection vulnerability because it fails to adequately sanitize user-supplied input in logfiles. Attackers can exploit this issue to execute arbitrary commands in a terminal.
This exploit allows an attacker to execute arbitrary code with root privileges on a target machine through a heap spray vulnerability in the networkd service. The exploit leverages a ROP (Return-Oriented Programming) chain to bypass security protections and execute a system call to gain root access.
This module exploits a directory traversal vulnerability in ManageEngine ServiceDesk, AssetExplorer, SupportCenter and IT360 when uploading attachment files. The JSP that accepts the upload does not handle correctly '../' sequences, which can be abused to write in the file system. Authentication is needed to exploit this vulnerability, but this module will attempt to login using the default credentials for the administrator and guest accounts. Alternatively you can provide a pre-authenticated cookie or a username / password combo. For IT360 targets enter the RPORT of the ServiceDesk instance (usually 8400). All versions of ServiceDesk prior v9 build 9031 (including MSP but excluding v4), AssetExplorer, SupportCenter and IT360 (including MSP) are vulnerable. At the time of release of this module, only ServiceDesk v9 has been fixed in build 9031 and above. This module has been been tested successfully in Windows and Linux on several versions.
Services By CQR