The application is prone to an arbitrary file-upload vulnerability because it fails to adequately sanitize user-supplied input. An attacker can exploit this issue to upload arbitrary files in the context of the web server process and execute commands.
The ZKTeco time attendance device does not require authentication to use the web interface, exposing the database of employees and their credentials.
Subrion CMS version 4.2.1 is vulnerable to stored cross-site scripting (XSS). An attacker can inject malicious code into the tooltip value of the field add page, which will be executed when a user views the page. This can lead to various attacks, such as stealing sensitive information or performing actions on behalf of the user.
Server Side Request Forgery (SSRF) in the Data Import module in Heartex - Label Studio Community Edition versions 1.5.0 and earlier allows an authenticated user to access arbitrary files on the system. Furthermore, self-registration is enabled by default in these versions of Label Studio, enabling a remote attacker to create a new account and then exploit the SSRF.
These Tapo cameras work via an app. There is a facility on the app to set up a “Camera Account”, which adds user details for the RTSP server. Unfortunately, if you don’t set up the user details on versions 1.3.0 and below, there are default login details. I sourced these from the “cet” binary on the camera. You can gain unauthorised access to the RTSP stream using the following user details: User: --- Password: TPL075526460603
YouPHPTube v7.8 allows unauthenticated directory traversal and Local File Inclusion through the parameter in an /?lang=PATH+TRAVERSAL+FILE (without php) GET request. It also has a reflected Cross-Site Scripting (XSS) vulnerability.
scdbg.exe (all versions) is affected by a Denial of Service vulnerability that occurs with a specific shellcode, whether or not the /foff parameter is used, causing it to shut down. Any malware could use this option to evade the scan.
Heap-based buffer overflow controlling the Structured Exception Handler (SEH) records in Resource Hacker v3.6.0.92, and possibly other versions, may allow attackers to execute arbitrary code via a long file name argument.
Buffer overflow controlling the Structured Exception Handler (SEH) records in Frhed (Free hex editor) v1.6.0, and possibly other versions, may allow attackers to execute arbitrary code via a long file name argument.
The Tftpd32_SE 4.60 software on Microsoft Windows 10 Home 64-bit is affected by an unquoted service path vulnerability. This can allow an attacker to escalate privileges by placing a malicious executable in the path. The vulnerability was discovered by Ismael Nava.