An unauthenticated malicious user can trigger a Denial of Service (DoS) attack when sending specific application layer packets towards the Aerohive NetConfig UI. This PoC exploit renders the application unusable for 305 seconds or 5 minutes with a single HTTP request using the action.php5 script calling the CliWindow function thru the _page parameter, denying access to the web server hive user interface.
- print_layout.php is vulnerable. When you sent PoC code to the server and If there is no file on the server, you can see, this error message<br /><b>Warning</b>: unlink(/Applications/XAMPP/xamppfiles/htdocs/webtareas/files/PrintLayouts/tester.png.php--1.zip): No such file or directory in <b>/Applications/XAMPP/xamppfiles/htdocs/webtareas/includes/library.php</b> on line <b>1303</b><br />- So, Here, you can delete file with unlink function.- And, I ddi try again with another file, I deleted from the server.
The i-doit Open Source CMDB version 1.14.1 is vulnerable to arbitrary file deletion. An attacker can exploit this vulnerability by sending a specially crafted HTTP POST request to the import module with the 'delete_import' parameter set to the filename they want to delete from the server. This allows an attacker to delete any file on the server, leading to potential data loss or unauthorized access.
Remote File Inclusion (RFI) bug in SimplePHPGal 0.7 allows an attacker to execute arbitrary scripts on the server by including a malicious file through user input. The bug is caused by programmer errors and can be prevented by checking the file entered by the user against a whitelist and disabling the 'allow_url_fopen' feature.
The vulnerability allows an attacker to inject malicious XML entities, leading to various types of attacks including server-side request forgery (SSRF) and exfiltration of sensitive data.
Multiple remote SQL injection vulnerabilities have been discovered in the Fishing Reservation System application. The vulnerability allows remote attackers to inject or execute their own SQL commands to compromise the DBMS or file system of the application. The vulnerabilities are located in the pid, type, and uid parameters of the admin.php control panel file. Guest accounts or low privileged user accounts can inject and execute their own malicious SQL commands to compromise the local database and affected management system. The vulnerability is a classic order by remote SQL injection vulnerability. Exploitation of the vulnerability requires no user interaction and a low privileged web-application user/guest account. Successful exploitation results in database management system, web-server, and web-application compromise.
addressbook 9.0.0.1 is vulnerable to time-based blind SQL injection. The vulnerability allows an attacker to manipulate the 'id' parameter in the URL to execute arbitrary SQL queries.
This exploit allows an attacker to execute arbitrary code on a system running Frigate 3.36. By generating a specially crafted 'test.txt' file and copying its contents to the clipboard, an attacker can trigger a buffer overflow when pasting the contents into Frigate3's 'Find Computer' feature. This results in the execution of the Windows calculator application.
A successful attempt would require the local user to be able to insert their code in the system root path undetected by the OS or other security applications where it could potentially be executed during application startup or reboot. If successful, the local user's code would execute with the elevated privileges of the application.
This vulnerability allows an attacker to inject malicious script into a vulnerable parameter named 'name' in the osTicket application, which can lead to the execution of arbitrary code in the context of the user's browser. By exploiting this vulnerability, an attacker can obtain the cookie information of the target user.
Services By CQR