The vulnerability allows an attacker to include local files on the server by manipulating the 'p' parameter in the index.php file of SanyBee Gallery 0.1.1. By appending '%00' to the parameter, the attacker can bypass input validation and include arbitrary files.
graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie, if a guest user has the graph real-time privilege.
Unauthenticated Nimbus nimcontroller RCE, tested against build 7.80.3132 although multiple versions are affected. The exploit won't crash the service. You may have to run the exploit code multiple times on Windows Server 2012. If you exploit Windows Server 2019 it should work as well just didn't get a chance to test it (reversing other things), I put faith in my ROP chain being universal (worked first try on 2012).
An attacker can use CSRF to register themselves as an instructor or block other legit instructors. Consequently, if the option to create courses without admin approval is enabled on the plugin’s settings page, the attacker will be able to create courses directly as well. All WordPress websites using Tutor LMS version 1.5.2 and below are affected.
This exploit targets a buffer overflow vulnerability in the Cyberoam Authentication Client version 2.1.2.7. By copying the contents of 'sploit.txt' into the 'Cyberoam Server Address' field and clicking 'Check', a TCP shell will spawn on port 1337. The exploit uses msfvenom to generate a payload with bad characters to be avoided. It is tested on Windows Vista SP2 x86.
Joplin Desktop version 1.0.184 and before are affected by Cross-Site Scripting vulnerability through the malicious note. This allows a malicious user to read arbitrary files of the system.
Operator Can Change Role User Type to admin
Bitweaver is an open source content management system. Its speed and power are ideal for large-scale community websites and corporate applications, but it is simple enough for non-technical small site users to set up and administrate. The vulnerabilities in Bitweaver R2 CMS include arbitrary file upload and source code disclosure. The arbitrary file upload vulnerability can be exploited through the /fisheye/upload.php file, where an attacker can upload arbitrary files with image/gif content-type. Additionally, the attacker can bypass the '/storage/.htaccess' restriction by uploading their own .htaccess file. The source code disclosure vulnerability can be exploited through the /wiki/edit.php file, where an attacker can suck another page and append it to the end of the current page.
Lack of origin authentication (CWE-346) at IPN callback processing function allow (even unauthorized) attacker to remotely replace critical plugin settings (merchant id, secret key etc) with known to him and therefore bypass payment process (eg. spoof order status by manually sending IPN callback request with a valid signature but without real payment) and/or receive all subsequent payments (on behalf of the store).
Lack of origin authentication (CWE-346) at IPN callback processing function allow (even unauthorized) attacker to remotely replace critical plugin settings (merchant id, secret key etc) with known to him and therefore bypass payment process (eg. spoof order status by manually sending IPN callback request with a valid signature but without real payment) and/or receive all subsequent payments (on behalf of the store).
Services By CQR
