Optergy version 2.3.0a allows an attacker to disclose the usernames of the system. By sending a specially crafted request to the Login.html page, the attacker can retrieve a list of usernames.
The vulnerability exists in the frontpage_right.php file of Arcadem LE version 2.04. An attacker can exploit this vulnerability by injecting a file through the 'loadadminpage' parameter in the URL.
The Alps Pointing-device controller installs a service with an unquoted path, which can be used for local privilege escalation. To exploit this vulnerability, an executable file could be placed in the path of the service; after the system is rebooted or the service is restarted, the malicious code is executed with elevated privileges.
This module allows an attacker to perform directory traversal attacks on Atlassian Confluence version 6.15.1. By exploiting this vulnerability, an attacker can write arbitrary files to the server.
This exploit allows an attacker to upload arbitrary files to the Prima Access Control software version 2.3.35. By sending a specially crafted POST request to the sysfcgi.fx endpoint, an attacker can upload a malicious Python script that can execute arbitrary commands on the target system.
This exploit allows an attacker to perform a persistent cross-site scripting attack in the 'HwName' parameter of the Prima Access Control software version 2.3.35. By injecting malicious script code, an attacker can execute arbitrary JavaScript code in the context of the victim's browser.
The CBAS-Web application version 19.0.0 is vulnerable to a boolean-based blind SQL injection vulnerability in the 'id' parameter. An attacker can exploit this vulnerability to manipulate the SQL query and extract sensitive information from the database.
This exploit allows an attacker to perform a Cross-Site Request Forgery (CSRF) attack against CBAS-Web version 19.0.0. By tricking a user into visiting a malicious website, the attacker can add a super admin to the system without the user's knowledge or consent.
This module exploits a command injection vulnerability in the Linear eMerge E3 Access Controller. The issue is triggered by an unsanitized exec() PHP function allowing arbitrary command execution with root privileges.
Confluence Arbitrary File Write via Path Traversal (CVE-2019-3398). This exploit allows an attacker to write arbitrary files on the server by exploiting a path traversal vulnerability in Atlassian Confluence 6.15.1.