A persistent input validation web vulnerability has been discovered in the official Sellacious eCommerce Shop CMS (2020 Q1). The vulnerability allows remote attackers to inject own malicious script codes with persistent attack vector to compromise browser to web-application requests from the application-side. The cross site web vulnerabilities are located in the all the adress input fields of the 'Manage Your Addresses' module. Remote attackers are able to register a low privilege user account to inject own malicious script code to the adress information page. The execution of the script code occurs each time the adress information is used in the web ui of the ecommerce application. The request method to inject is POST and the attack vector is persistent on the application-side. Successful exploitation of the vulnerabilities results in session hijacking, persistent phishing attacks, persistent external redirects to malicious source and persistent manipulation of affected application modules.
A persistent input validation web vulnerability has been discovered in the official Tryton v5.4 web-application series. The vulnerability allows remote attackers to inject own malicious script codes with persistent attack vector to compromise browser to web-application requests from the application-side. The persistent vulnerability is located in the `name` parameter of the `User Profile` module. Remote attackers with low privileges are able to inject own malicious persistent script code as name for user accounts. The injected code can be used to attack the frontend or backend of the web-application. The request method to inject is POST and the attack vector is located on the application-side. Injection point is the profile input field with the name value and the execute occurs in the front ui on top right were the avatar is listed or in the admin backend on the res.user;name="Users"&views. Successful exploitation of the vulnerabilities results in session hijacking, persistent phishing attacks, persistent external redirects to malicious source and persist
This exploit takes advantage of a buffer overflow vulnerability in LanSend 3.2. By running the provided payload, an attacker can execute arbitrary shellcode on a vulnerable system.
When a normal user tries to update their profile, they can arbitrarily upload files to the user_photo area. Because there are no file extension controls. Additionally, the .htaccess file has some protection against malicious .php file. But, the developer writes the wrong regex. So, the Attacker can change extension as (.PHP) and run code on the server
The Uebimiau Web-Mail application is vulnerable to a remote file reader exploit. By manipulating the script parameters, an attacker can trick the script into thinking they are an authorized user and gain unauthorized access to sensitive files. This vulnerability can be exploited if the register_globals setting is enabled.
The vulnerability exists in the Network Hierarchy and User Management features of Cisco Digital Network Architecture Center. The Floor Name parameter in the Network Hierarchy and the First Name and Last Name parameters in User Management are vulnerable to persistent cross-site scripting (XSS) attacks. An attacker can inject malicious scripts into these fields, which will be executed when viewed by other users with sufficient privileges. The lack of input validation and filtering allows special characters to be included in the fields without any security mechanism. The vulnerability requires admin or customer account privileges in the Network Hierarchy and admin account privileges in User Management. The affected fields are located in Design -> Network Hierarchy -> Building -> Floor -> Field: 'Floor name' and Settings -> Users -> User Management -> Fields: 'First Name' or 'Last Name'.
An error with insecure file permissions has occurred in the SolarWinds MSP Cache Service, which can lead to code execution. The CacheService.xml file in %PROGRAMDATA%SolarWinds MSPSolarWinds.MSP.CacheServiceconfig is writable by normal users, allowing them to change the SISServerURL parameter and control the location of updates.
In the "Media Manager" area, users can do arbitrarily file deletion. Because the developer did not use the unlink() function as secure. So, can be triggered this vulnerability by a low user account.
The Kartris version 1.6 allows an attacker to upload arbitrary files via the _GeneralFiles.aspx page. This can lead to remote code execution and unauthorized access to sensitive information.
This exploit allows an attacker to perform an SQL injection attack on the 'uname' parameter of the Online AgroCulture Farm Management System 1.0. By injecting a specially crafted payload, the attacker can retrieve sensitive information from the database, such as the database name and MariaDB version.
Services By CQR