Chitor-CMS version 1.1.2 contains a pre-authentication SQL injection vulnerability. An attacker can exploit it to execute arbitrary SQL commands in the context of the database.
An attacker who has the authority to create a new entry can perform a stored XSS attack by injecting a malicious payload into the application.
If the poc.phar file is uploaded in the image field while creating a category, commands can be run on the system. The exploit uses the payload '<?php echo system("cat /etc/passwd"); ?>' to execute the 'cat /etc/passwd' command on the system. The file containing the payload is uploaded with a .phar extension.
The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.
Fatal OOM/crash of Chrome browser while detaching/attaching tabs on macOS.
A JWT signed with a well-known HMAC secret key was detected. The key that was found was the signing secret. The user can find the secret key while sending normal POST requests. Once the Authorization: Bearer token is found, it can be used to authenticate and to send malicious POST requests, depending on the scenario.
While writing a blog post, an authenticated user can upload a file with PHP code embedded in it, allowing for remote code execution. The vulnerability exists in dotclear version 2.25.3. By uploading a file with the payload '<?php echo system("id"); ?>', an attacker can execute arbitrary PHP code on the server.
Local vertical privilege escalation from Administrator to NT AUTHORITY\SYSTEM.
Google Chrome attempts to load the 'libnssckbi.so' file from a user-writable location. It is possible to achieve code execution by placing a malicious file named 'libnssckbi.so' in that path.
This exploit allows an attacker to disclose arbitrary files on a target system running Icinga Web versions before 2.8.6, 2.9.6 and 2.10. By exploiting a path traversal vulnerability, the attacker can specify a file to be disclosed and retrieve its contents. The vulnerability is identified as CVE-2022-24716. The exploit is based on the findings outlined in the blog post by SonarSource.