The Netman 204 device is affected by unauthorized access and command injection flaws that together let an unauthenticated remote attacker execute commands on the device. By requesting specific URLs, an attacker can reach several management panels using default or backdoor credentials, view sensitive information, and perform privileged actions without proper authorization.
This exploit lets an unauthenticated attacker log in as any existing user, including administrators, on a WordPress site running Really Simple Security earlier than 9.1.2, by abusing an authentication bypass in the plugin. The bypass is only reachable when the plugin's 'Two-Factor Authentication' setting is enabled. The tool is intended for authorized security assessments and should be used responsibly.
The Extensive VC Addons plugin for WPBakery page builder before 1.9.1 allows unauthenticated remote attackers to include arbitrary local files via crafted input. An attacker can use this to read sensitive files from the server and, depending on the deployment, escalate to remote command execution. This vulnerability is tracked as CVE-2023-0159.
ABB Cylon Aspect 3.08.03 is prone to an authenticated reflected cross-site scripting vulnerability. Input supplied to the 'name' and 'id' GET parameters is neither validated nor encoded before being reflected in the response, so an attacker can execute arbitrary HTML or JavaScript in the browser session of an authenticated user of the affected site.
This exploit allows remote attackers to execute arbitrary code on a server running XWiki Standard 14.10. An attacker who delivers a crafted payload to the vulnerable instance can run operating-system commands on the host.
WordPress Core 6.2 is vulnerable to a directory traversal attack via the 'wp_lang' parameter. Traversal sequences in this input cause the application to reference files outside the intended directory; the proof of concept targets paths such as /etc/passwd. This vulnerability is tracked as CVE-2023-2745.
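The following is an added example (not code from the original exploit or from WordPress) of the server-side containment check that defeats this class of traversal. The base directory, the sample file name and the traversal inputs are constructed for the demonstration; the check resolves the user-supplied path and confirms, by whole path components, that it stays under the base.

```python
import os
from urllib.parse import unquote

# Constructed base directory for this demonstration; a real application would
# use its configured translations or document root.
BASE_DIR = "/srv/wordpress/wp-content/languages"


def resolve_in_base(base_dir: str, user_path: str):
    """Return the absolute path for user_path if it stays inside base_dir, else None.

    The input is percent-decoded twice so that single-encoded (%2e%2e%2f) and
    double-encoded (%252e%252e%252f) traversal sequences are judged by their
    decoded form rather than slipping past a literal "../" check.
    """
    decoded = unquote(unquote(user_path))
    # C-backed file APIs stop at the first NUL byte, so "en_US.mo\x00.php"
    # would open "en_US.mo" while passing an extension check. Reject it.
    if "\x00" in decoded:
        return None
    # os.path.join(base, "/etc/passwd") silently discards base; refuse
    # absolute input instead of trying to repair it.
    if os.path.isabs(decoded):
        return None
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, decoded))
    # Containment by whole path components: a plain startswith() check would
    # accept /srv/wordpress/wp-content/languages-old/x as being under base.
    if os.path.commonpath([base, candidate]) != base:
        return None
    return candidate


def is_safe(user_path: str) -> bool:
    """Convenience wrapper: True when user_path resolves inside BASE_DIR."""
    return resolve_in_base(BASE_DIR, user_path) is not None


if __name__ == "__main__":
    # Constructed sample inputs: one legitimate file name followed by traversal
    # attempts in the shapes a proof of concept typically sends.
    for p in ["en_US.mo",
              "../../../../etc/passwd",
              "..%2f..%2f..%2f..%2fetc%2fpasswd",
              "%252e%252e%252f%252e%252e%252fetc%252fpasswd",
              "/etc/passwd",
              "en_US.mo%00.php"]:
        print(f"{p!r:50} -> {resolve_in_base(BASE_DIR, p)}")
```

Note that double decoding is a safety margin for the containment check, not a substitute for an allowlist: where the set of loadable files is known (as with translation files), matching the request against that list is stricter still.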
Blood Bank & Donor Management System version 2.4 is vulnerable to CSRF because essential functions such as logout are reachable without a CSRF token. By embedding the logout URL in a hidden iframe on a page the victim visits, an attacker can terminate the user's session without any interaction on the victim's part and without their knowledge.
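The following is an added example, not code from the original exploit or from the affected application, that models the logout handler described above beside a hardened version. The session and request objects, the origin name and the attacker page are constructed for the demonstration; the hardened handler requires POST, checks the browser's Origin and Sec-Fetch-Site headers, and verifies a per-session token in constant time.

```python
import hmac
import secrets
from dataclasses import dataclass, field

# Constructed shape of the attacker's page: loading it is enough to send the
# victim's cookies along with a GET to the logout URL; no click is needed.
ATTACKER_PAGE = """<iframe src="https://target.example/bbdms/logout.php"
       style="display:none"></iframe>"""


@dataclass
class Session:
    user: str
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))
    logged_in: bool = True


@dataclass
class Request:
    method: str
    headers: dict
    form: dict


def logout_vulnerable(session: Session, request: Request) -> bool:
    """Logout as the advisory describes: any request to the URL ends the session."""
    session.logged_in = False
    return True


def logout_hardened(session: Session, request: Request, site_origin: str) -> bool:
    """Logout only for a same-site POST carrying the session's CSRF token."""
    # 1. State changes only via POST: <iframe src=...> and <img src=...> issue GET.
    if request.method != "POST":
        return False
    # 2. Browser-set headers: a cross-site form post carries the attacker's
    #    Origin and Sec-Fetch-Site: cross-site. Absence of Sec-Fetch-Site (older
    #    browsers) is tolerated because the token check below still applies.
    origin = request.headers.get("Origin")
    if origin is not None and origin != site_origin:
        return False
    if request.headers.get("Sec-Fetch-Site", "same-origin") not in ("same-origin", "none"):
        return False
    # 3. Synchronizer token bound to the session, compared in constant time so
    #    a wrong token cannot be distinguished from a nearly-right one by timing.
    submitted = request.form.get("csrf_token", "")
    if not hmac.compare_digest(submitted, session.csrf_token):
        return False
    session.logged_in = False
    return True


if __name__ == "__main__":
    victim = Session(user="alice")
    # What the hidden iframe produces: a cross-site GET with no form body.
    iframe_hit = Request("GET", {"Sec-Fetch-Site": "cross-site",
                                 "Sec-Fetch-Dest": "iframe"}, {})
    logout_vulnerable(victim, iframe_hit)
    print("vulnerable handler, iframe GET -> logged_in =", victim.logged_in)

    victim = Session(user="alice")
    logout_hardened(victim, iframe_hit, "https://target.example")
    print("hardened handler,   iframe GET -> logged_in =", victim.logged_in)
```

The Origin and fetch-metadata checks are defence in depth; the token is what makes a forged request unconstructable, since the attacker's page cannot read the victim's session token from another origin.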
GestioIP 3.5.7 is prone to an authenticated cross-site scripting vulnerability in the 'ip_do_job' feature: script injected into parameters such as 'host_id' and 'stored_config' is reflected without proper encoding. A script executed this way can exfiltrate data from the application or drive cross-site request forgery against it on the victim's behalf.
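Both reflected XSS entries above (the ABB Cylon Aspect 'name' and 'id' parameters and the GestioIP 'host_id' and 'stored_config' parameters) come down to reflecting a request parameter into HTML without context-appropriate encoding. The following is an added example, not code from either product or exploit, showing the vulnerable reflection pattern beside the hardened form; the page fragment and the payloads are constructed for the demonstration.

```python
import html
from html.parser import HTMLParser


def render_vulnerable(name: str, id_: str) -> str:
    """Reflects both parameters verbatim; the id value even lands in an unquoted attribute."""
    return f'<h2>Job: {name}</h2><input type="text" name="id" value={id_}>'


def render_hardened(name: str, id_: str) -> str:
    """Encodes each value for its exact context: text node and quoted attribute."""
    return (f'<h2>Job: {html.escape(name)}</h2>'
            f'<input type="text" name="id" value="{html.escape(id_, quote=True)}">')


class _TagCollector(HTMLParser):
    """Records every element and attribute the browser's parser would see."""
    def __init__(self):
        super().__init__()
        self.tags = []
        self.attrs = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.attrs.extend(a for a, _ in attrs)


def parsed_tags_and_attrs(markup: str):
    """Return (tags, attribute names) produced by parsing markup."""
    p = _TagCollector()
    p.feed(markup)
    return p.tags, p.attrs


def injection_succeeded(markup: str) -> bool:
    """True if a script element or an on* event handler attribute was introduced."""
    tags, attrs = parsed_tags_and_attrs(markup)
    return "script" in tags or any(a.startswith("on") for a in attrs)


if __name__ == "__main__":
    # Constructed payloads: one for the text context, one that breaks out of an
    # unquoted attribute without using any angle brackets at all.
    name_payload = "<script>alert(document.cookie)</script>"
    id_payload = "x onfocus=alert(1) autofocus"
    for label, render in (("vulnerable", render_vulnerable), ("hardened", render_hardened)):
        out = render(name_payload, id_payload)
        print(f"{label:10} injection succeeded: {injection_succeeded(out)}")
```

The second payload is the reason "strip angle brackets" is not a fix: in an unquoted attribute a space is enough to start a new attribute, so the value must be both quoted and escaped with quote=True.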
A business logic flaw in InfluxDB OSS allows a user holding a valid allAccess token, which is scoped to a single organization, to elevate to operator level by reading the instance's current authorization tokens. Because an operator token is instance-wide, this grants unauthorized access across organizations and compromises the confidentiality, integrity, and availability of their data.
The ABB Cylon Aspect 3.08.02 webServerUpdate.php script does not validate the 'port' POST parameter on the server side, so an attacker can bypass the client-side checks and submit arbitrary integer values. Combined with cross-site request forgery and an authentication bypass, this enables configuration poisoning, denial of service, and manipulation of the web server settings.
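The following is an added example, not code from the affected product or the exploit, of the server-side validation that the 'port' parameter lacks. It contrasts the naive conversion that many handlers perform with a strict parser; the sample inputs are constructed and show why "it converts to an integer" is not the same as "it is a valid port".

```python
import re

# ASCII digits only. \d would also match Unicode digits such as "٨٠", which
# int() happily converts to 80.
_PORT_RE = re.compile(r"[0-9]{1,5}")


def naive_parse_port(value):
    """What trusting the client looks like: int() on whatever arrived."""
    try:
        return int(value)
    except (TypeError, ValueError):
        return None


def parse_port(value):
    """Return the port as an int only if value is a plain decimal in 1..65535, else None.

    fullmatch() anchors both ends, so leading/trailing whitespace, a trailing
    newline, a sign, underscores ("8_0") and shell metacharacters are all rejected
    before int() ever sees the string.
    """
    if not isinstance(value, str):
        return None
    if not _PORT_RE.fullmatch(value):
        return None
    port = int(value)
    if not 1 <= port <= 65535:
        return None
    return port


if __name__ == "__main__":
    # Constructed inputs: a legitimate value followed by strings that int()
    # accepts but a web server configuration must not.
    for v in ["8080", "+80", " 80\n", "8_0", "٨٠", "0", "65536", "-1", "80; reboot"]:
        print(f"{v!r:14} naive={naive_parse_port(v)!s:6} strict={parse_port(v)}")
```

A deployment may tighten the range further (for example refusing privileged ports below 1024 or anything outside an allowlist); the point here is that the check runs on the server, on the raw string, and before the value reaches the configuration file.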