
Explore Vulnerabilities


Explore all Exploits:

Dolibarr 11.0.3 – Persistent Cross-Site Scripting

The Dolibarr 11.0.3 version is vulnerable to persistent cross-site scripting (XSS) attacks. An attacker can exploit this vulnerability by sending a specially crafted HTTP POST request to the LDAP Synchronization Settings endpoint. The payload is injected into the 'host' parameter, resulting in the execution of arbitrary scripts in the context of the victim's browser.

Konica Minolta FTP Utility 1.0 – ‘NLST’ Denial of Service (PoC)

There is a buffer overflow vulnerability in the NLST command of the Konica Minolta FTP Utility FTP server that allows an attacker to overwrite several registers, such as EAX, ESI and EDI. Although the proof-of-concept code only crashes the FTP server and overwrites those registers, an individual can use the same vulnerable command to build a remote buffer overflow exploit that roots the system without any user interaction.

Konica Minolta FTP Utility 1.0 – ‘LIST’ Denial of Service (PoC)

There is a buffer overflow vulnerability in the LIST command of the FTP server 'Konica Minolta FTP Utility' that allows an attacker to overwrite registers such as EAX, ESI, EDI. By using the vulnerable command, an individual can build a remote buffer overflow exploit that can root a system without any user interaction.

OpenEDX platform Ironwood 2.5 – Remote Code Execution

OpenEDX Platform Ironwood version 2.5 suffers from an RCE vulnerability when the use of CodeJail is not enforced. This is an authenticated vulnerability, so you need to register an account, go to /edx-studio and create a new course, section, subsection and unit, then add a new component containing custom Python-evaluated code. By introducing a payload in the problem section, an attacker can execute arbitrary commands on the target machine.

AbsoluteTelnet 11.21 – ‘Username’ Denial of Service (PoC)

AbsoluteTelnet 11.21 is vulnerable to a denial of service (DoS) attack when a specially crafted input is provided to the 'Username' field. This can be exploited by an attacker to crash the application. The vulnerability can also be triggered when attempting to send an error report after the application has crashed. By providing a specific input in the 'Your Email Address (optional)' field, the application crashes again.

Pi-Hole heisenbergCompensator Blocklist OS Command Execution

This module exploits a command execution vulnerability in Pi-Hole <= 4.4. A new blocklist is added, and then an update (gravity) is forced to pull in the blocklist content. PHP content is then written to a file within the webroot. Phase 1 writes a sudo pihole command to launch teleporter, effectively performing a privilege escalation. Phase 2 writes our payload to teleporter.php, overwriting its content. Lastly, the phase 1 PHP file is called in the web root, which launches our payload in teleporter.php with root privileges.

NukeViet VMS 4.4.00 – Cross-Site Request Forgery (Change Admin Password)

NukeViet CMS v4.4.00 suffers from a Cross-Site Request Forgery (CSRF) vulnerability that allows an attacker to change the profile details and password of a user without knowing their old password. The vulnerability also allows the attacker to create a new user with admin privileges and delete sensitive and other log files.

Online Healthcare Patient Record Management System 1.0 – Authentication Bypass

The Online Healthcare Patient Record Management System suffers from multiple authentication bypass vulnerabilities. The login.php file allows a user to simply supply `' or 1=1 --` as the username together with any password and bypass authentication. The same happens with login.php for the admin area. There is also an authentication bypass issue located in add_user.php.

XOOPS mod_gallery Zend_Hash_key + Extract RFI

The XOOPS mod_gallery module is vulnerable to a remote file inclusion (RFI) attack. This vulnerability occurs when the application fails to properly sanitize user-supplied input, allowing an attacker to include a remote file from a malicious server. The vulnerability can be exploited when the register_globals setting is turned off. The vulnerability is caused by the insecure handling of user-supplied input in the GALLERY_BASEDIR parameter. An attacker can manipulate this parameter to include a remote file, resulting in arbitrary code execution on the server. The vulnerability was discovered by Eugene Minaev of ITDefence.ru.

Dameware Remote Support 12.1.1.273 – Buffer Overflow (SEH)

This exploit allows arbitrary code execution in Dameware Remote Support version 12.1.1.273. By providing a specially crafted payload, an attacker can trigger a buffer overflow and gain control of the system. The exploit has been tested on Windows 7 x86.
