Explore Vulnerabilities

Explore all Exploits:

Joplin 1.0.245 – Arbitrary Code Execution (PoC)

An XSS issue in Joplin for desktop v1.0.190 to v1.0.245 allows arbitrary code execution via a malicious HTML embed tag. HTML embed tags are not blacklisted in Joplin's renderer. This can be chained with a bug where child windows opened through window.open() have node integration enabled to achieve ACE. If the Joplin API is enabled, Remote Code Execution with user interaction is possible by abusing the lack of required authentication in Joplin's 'POST /notes' API endpoint to remotely deploy the payload into the victim application.

B-swiss 3 Digital Signage System 3.6.5 – Cross-Site Request Forgery (Add Maintenance Admin)

The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.

Anchor CMS 0.12.7 – Persistent Cross-Site Scripting (Authenticated)

This exploit allows an authenticated user to inject arbitrary script code into the description field of a post in Anchor CMS version 0.12.7. By crafting a malicious payload and saving the post, the script code will be executed when viewing the post.

BigTree CMS 4.4.10 – Remote Code Execution

BigTree CMS 4.4.10 and earlier versions are vulnerable to Authenticated Remote Code Execution. An authenticated user (developer) can inject a malicious command via the create new setting function and execute arbitrary code remotely.

Mantis Bug Tracker 2.3.0 – Remote Code Execution (Unauthenticated)

This exploit chains together two CVEs to achieve unauthenticated remote code execution. The first portion of this exploit resets the Administrator password (CVE-2017-7615), discovered by John Page a.k.a. hyp3rlinx; this portion was modified from the original at https://www.exploit-db.com/exploits/41890. The second portion of this exploit takes advantage of a command injection vulnerability (CVE-2019-15715) discovered by 'permanull' (see references).

Microsoft SQL Server Reporting Services 2016 – Remote Code Execution

This exploit allows remote code execution on Microsoft SQL Server Reporting Services 2016. It takes advantage of a vulnerability in the software.

Rapid7 Nexpose Installer 6.6.39 – ‘nexposeengine’ Unquoted Service Path

Rapid7 Nexpose installer versions prior to 6.6.40 use a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path, allowing local privilege escalation.

ShareMouse 5.0.43 – ‘ShareMouse Service’ Unquoted Service Path

The ShareMouse Service in ShareMouse version 5.0.43 has an unquoted service path vulnerability. This vulnerability allows a local user to insert their code in the system root path undetected by the OS or other security applications, where it could potentially be executed during application startup or reboot. If successful, the local user's code would execute with the elevated privileges of the application.

Recent Exploits: