The attacker can send the victim a link containing a malicious URL in an email or instant message and can then perform a wide variety of actions, such as stealing the victim's session token or login credentials.
This exploit allows an unauthenticated attacker to read arbitrary files on the target system. By sending a specially crafted request, the attacker can traverse directories and access files that should be restricted.
This exploit allows an authenticated user to execute arbitrary JavaScript code on the target website by submitting a crafted form template.
Adiscon LogAnalyzer version 4.1.13 and earlier is vulnerable to cross-site scripting (XSS) attacks. The vulnerability allows an attacker to inject malicious scripts into certain URLs. The issue exists in various pages of the application, such as 'asktheoracle.php', 'chartgenerator.php', 'details.php', 'index.php', 'search.php', 'export.php', 'reports.php', and 'statistics.php'. By exploiting this vulnerability, an attacker can execute arbitrary scripts in the context of the user's browser, potentially leading to session hijacking, information theft, or other malicious actions.
The Ruijie Reyee Cloud Web Controller lets the user run a diagnostic tool that includes a ping check to verify the connection to the intended network, but the IP address input form is not validated properly and allows the user to perform OS command injection. Separately, a Ruijie Reyee cloud-based device sends polling requests to the Ruijie Reyee CWMP server to ask whether any command from the web controller needs to be executed. Analysis of the network capture from the device shows that the polling request to the Ruijie Reyee CWMP server is an unencrypted HTTP request. Because the request from the cloud-based device is unencrypted, an attacker could set up a fake server using a Man-in-the-Middle (MitM) attack and send arbitrary commands to be executed on the cloud-based device that makes CWMP requests to the fake server. Once the attacker has gained access, they can execute arbitrary commands on the system or application, potentially compromising sensitive data, installing malware, or taking control of the system.
This exploit takes advantage of a buffer overflow vulnerability in General Device Manager version 2.5.2.2. By sending a specially crafted input to the 'IP Address' field, an attacker can trigger a buffer overflow and execute arbitrary code on the target system.