The Monstra CMS 3.0.4 allows remote attackers to execute arbitrary code via crafted PHP code in a .chunk.php file.
This exploit targets a buffer overflow vulnerability in Samba version 3.0.4 and prior. It allows an attacker to execute arbitrary code by sending a specially crafted HTTP request to the SWAT service.
The login component of the Polycom Command Shell on Polycom HDX video endpoints, running software versions 3.0.5 and earlier, is vulnerable to an authorization bypass when simultaneous connections are made to the service, allowing remote network attackers to gain access to a sandboxed telnet prompt without authentication. Versions prior to 3.0.4 contain OS command injection in the ping command which can be used to execute arbitrary commands as root.
Monstra CMS 3.0.4 allows remote attackers to delete folder via an admin/index.php?id=filesmanager&delete_dir=./&path=uploads/ request.
Monstra CMS 3.0.4 has a stored XSS vulnerability when an attacker has access to the editor role, and enters the payload in the content section of a new page in the blog catalog.
This exploit allows an attacker to inject malicious scripts into the Monstra CMS admin panel. By editing a page and inserting a payload in the Name field, an attacker can execute arbitrary JavaScript code on the affected website.
Any registered user can upload any file because of incorrect if statement inside banneruploaderscript.php. Proof of concept involves logging in as a regular user and submitting a form with a file input to banneruploaderscript.php. The file will be visible at http://wordpress-install/wp-content/plugins/wp-easycart/products/banners/%filename%_1.%fileextension%.
WORK system e-commerce is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.
Docebo is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these issues to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.
America's Army is prone to a remote denial-of-service vulnerability because the application fails to properly handle invalid queries. Exploiting this issue allows remote attackers to cause the application to crash, effectively denying service to legitimate users.
Services By CQR