
Explore Vulnerabilities


Explore all Exploits:

Aures Booking & POS Terminal – Local Privilege Escalation

The Vulnerability Laboratory Core Research Team discovered a local kiosk privilege escalation vulnerability in the operating system of the Aures Komet Booking & POS Terminal (Windows 10 IoT Enterprise) used by the German company immergrün franchise gmbh.

Active Super Shop CMS v2.5 – HTML Injection Vulnerabilities

Multiple HTML injection vulnerabilities have been discovered in the Active Super Shop Multi-vendor CMS v2.5 web application. The vulnerability allows remote attackers to inject their own HTML code with a persistent vector to manipulate application content. The persistent HTML injection vulnerabilities are located in the name, phone, and address parameters of the manage profile and products.

Wifi Soft Unibox Administration 3.0 & 3.1 Login Page – SQL Injection

The Wifi Soft Unibox Administration 3.0 and 3.1 Login Page is vulnerable to SQL Injection, which can lead to unauthorized admin access for attackers. The vulnerability occurs because the user input in the username field of the login page is not validated or sanitized and is sent directly to the backend server and database.

Microsoft Office 365 Version 18.2305.1222.0 – Elevation of Privilege + RCE

The Microsoft Office 365 Version 18.2305.1222.0 app is vulnerable to Elevation of Privilege. An attacker can use this vulnerability to attach a malicious Word file in the Outlook app, which is part of Microsoft Office 365, and trick the victim into clicking on it. Opening the file executes a dangerous shell command in the background on the local PC. The execution happens without the malicious file being downloaded, which makes this a very dangerous case. Depending on the scenario, this can be the end of the victim's PC.

pfSense v2.7.0 – OS Command Injection

This module exploits an authenticated command injection vulnerability in the "restore_rrddata()" function of pfSense prior to version 2.7.0 which allows an authenticated attacker with the "WebCfg - Diagnostics: Backup & Restore" privilege to execute arbitrary operating system commands as the "root" user. This module has been tested successfully on version 2.6.0-RELEASE.

Recent Exploits: