Silly sandbox escape. Frappe Framework uses the RestrictedPython library to restrict access to methods available for server scripts. The exploit requires the 'System Manager' role and the server config 'server_script_enabled' set to 'true'. It allows an authenticated attacker to create a new script, execute arbitrary code, and escape the sandbox.
This exploit takes advantage of an unquoted service path vulnerability in MiniTool Partition Wizard ShadowMaker v.12.7. By exploiting this vulnerability, an attacker can potentially gain elevated privileges on the target system.
Exploit that executes commands by leveraging CVE-2022-22963
The Netlify CMS version 2.10.192 is vulnerable to stored cross-site scripting (XSS) attacks. An attacker can inject malicious code into the body field of a new post, which will be executed when the post is saved. This can lead to the execution of arbitrary code in the context of the user's browser, potentially allowing for further exploitation or data theft.
Windows 10 version 2004 is vulnerable to a buffer overflow in the HTTP Protocol Stack (HTTP.sys). This vulnerability allows an attacker to cause a denial of service (DoS) that restarts the system. The vulnerability was first reported as CVE-2021-31166 and still exists in Windows 10 version 2004. The exploit for this vulnerability is a one-line command.
The Microsoft Outlook app allows an attacker to send an infected Word file with malicious content to everyone who is using the Outlook app, regardless of whether it is the web or local version. Microsoft has not yet released a patch for this 0-day vulnerability.
The Faculty Evaluation System v1.0 is vulnerable to SQL Injection. The vulnerability exists in the 'edit_evaluation' file and the 'view_faculty.php' file. The SQL Injection allows an attacker to manipulate the SQL queries and potentially extract or modify sensitive data.
The Piwigo version 13.7.0 is vulnerable to a stored cross-site scripting (XSS) attack. An authenticated user with the privilege to upload photos can inject malicious code into the 'Description' field of the photo editing screen. When the photo is viewed on the homepage, the XSS payload is executed.
If an attacker successfully exploited this vulnerability, the information disclosed would be data inside the targeted website, such as IDs, tokens, nonces, cookies, IP address, User-Agent, and other sensitive information. The user would have to click on a specially crafted URL to be compromised by the attacker. In this example, the attacker uses STRIDE threat modeling to spoof the victim into clicking on the attacker's website, and that is all it takes. This would be hard to detect.
This exploit allows an attacker to perform SQL injection on the Lost and Found Information System v1.0. By injecting a malicious SQL query, the attacker can manipulate the database and potentially access unauthorized information.