The attacker can send the victim a link containing a malicious URL in an email or instant message and can then perform a wide variety of actions, such as stealing the victim's session token or login credentials.
The attacker can send the victim a link containing a malicious URL in an email or instant message and can then perform a wide variety of actions, such as stealing the victim's session token or login credentials.
This exploit allows an authenticated user to execute arbitrary commands on the server. By editing role 1 and injecting a command in the description, the command is executed when the description is rendered. This can lead to remote code execution.
An attacker who is able to convince a victim to visit a malicious URL can perform a wide variety of actions, such as stealing the victim's session token or login credentials.
An information disclosure issue in the redirect responses exposes sensitive data such as API keys, server keys, and app IDs in the body of the redirects.
Xlight FTP Server 3.9.3.6 'Execute Program' Buffer Overflow (PoC)
This exploit allows an attacker to execute remote commands without authentication in the WordPress Plugin Forminator version 1.24.6. The vulnerability is due to improper handling of user input in the 'postdata-1-post-image' parameter, which can be exploited to execute arbitrary PHP code.
The attacker can send the victim a link containing a malicious URL in an email or instant message and can then perform a wide variety of actions, such as stealing the victim's session token or login credentials.
The Webedition CMS v2.9.8.8 is vulnerable to a stored Cross-Site Scripting (XSS) attack. By uploading a malicious SVG file and triggering the XSS payload, an attacker can execute arbitrary JavaScript code in the context of the victim's browser.
This exploit allows an attacker to execute arbitrary code on a remote system running Webedition CMS v2.9.8.8. By injecting malicious PHP code into the Description area of a new Webedition page, an attacker can execute system commands, such as reading sensitive files like /etc/passwd. The exploit requires the attacker to have login credentials.