Executing Blind XSS in New Instances leads to admin account takeover
Insecure Service File Permissions in the bd service in Real Time Logics BarracudaDrive v6.5 allow a local low-privilege attacker to escalate privileges to admin by replacing the bd.exe file and restarting the computer, after which the malicious code is executed as 'LocalSystem' on the next startup.
Cross-Site Request Forgery (CSRF) vulnerability in the 'changeUsername.php' webpage of SourceCodesters Stock Management System v1.0 allows remote attackers to deny future logins by changing the authenticated victim's username when they visit a third-party site.
This exploit allows an authenticated user to inject malicious code into the "Content Page" section of the admin panel in moziloCMS 2.0. The injected code will be executed whenever the content page is viewed, potentially allowing an attacker to steal sensitive information or perform other malicious actions.
Cross-site scripting (XSS) vulnerabilities in Symphony CMS 3.0.0 allow remote attackers to inject arbitrary web script or HTML.
Eibiz i-Media Server Digital Signage 3.8.0 is affected by a directory traversal vulnerability. An unauthenticated remote attacker can exploit this to view the contents of files located outside of the server's root directory. The issue can be triggered through the 'oldfile' GET parameter.
ElkarBackup version 1.3.3 is vulnerable to persistent cross-site scripting. An attacker can inject malicious scripts through the 'Name' section when adding a client, leading to the execution of arbitrary code in the user's browser.
This exploit allows an attacker to retrieve arbitrary files from the target system by exploiting a directory traversal vulnerability in Ruijie Networks Switch eWeb S29_RGOS 11.4. By sending a specially crafted GET request, an attacker can traverse directories and access sensitive files on the target system.
The application suffers from unauthenticated remote code execution. The vulnerability is caused by a lack of verification when uploading files with QH.aspx, which can be written to any location by using the 'remotePath' parameter to traverse directories. Abusing the upload action and the 'fileToUpload' parameter, an unauthenticated attacker can exploit this to execute system commands by uploading a malicious ASPX script.
Cross-Site Request Forgery (CSRF) vulnerability in the 'edit_user.php' webpage of OSWAPP's Warehouse Inventory System v1.0 allows remote attackers to change the admin's password when an authenticated admin visits a third-party site.