Some Hikvision Hybrid SAN products were vulnerable to multiple remote code execution vulnerabilities such as command injection, Blind SQL injection, HTTP request smuggling, and reflected cross-site scripting. This resulted in remote code execution that allows an adversary to execute arbitrary operating system commands and more. However, an adversary must be on the same network to leverage this vulnerability to execute arbitrary commands.
This exploit allows an authenticated user to access files outside of the intended directory structure on the TP-Link TL-WR740N router. By sending a specially crafted GET request, the attacker can traverse directories and access sensitive files such as the /etc/shadow file, which contains hashed passwords.
The Blackcat Cms v1.4 application is vulnerable to remote code execution (RCE) due to improper handling of user-supplied input. An attacker can upload a specially crafted ZIP file containing a malicious PHP file and execute arbitrary commands on the server.
The Blackcat CMS version 1.4 is vulnerable to stored cross-site scripting (XSS) attacks. An attacker can exploit this vulnerability by injecting malicious code into the application, which will be executed when the targeted user views the affected page.
This exploit allows an attacker to expose sensitive information in ABB FlowX v4.00. By sending a specific request, the attacker can retrieve user login information from the system.
The statamic-4.7.0 suffers from file inclusion - file upload vulnerability. The attacker can upload a malicious HTML file and can share the malicious URL which uses the infected HTML file to the other attackers in the network, they easily can look at the token session key and can do very dangerous stuff.
The CmsMadeSimple v2.2.17 application is vulnerable to stored cross-site scripting (XSS) attacks. An attacker can exploit this vulnerability by injecting malicious code into the metadata section, which will be executed when the content is viewed.
This exploit allows remote attackers to execute arbitrary code on the affected system. The vulnerability exists in CmsMadeSimple version 2.2.17.
The CmsMadeSimple v2.2.17 application is vulnerable to session hijacking through Server-Side Template Injection (SSTI). An attacker can inject malicious code into the content section, which can be executed when a user visits the page. This allows the attacker to hijack the user's session cookies.
This exploit allows an attacker to upload a malicious shell.php file to the target system using the Online Piggery Management System v1.0. By exploiting this vulnerability, an attacker can execute arbitrary commands on the target system.
Services By CQR