Remote Command Execution (RCE) vulnerability in Webgrind <= 1.1 allow remote unauthenticated attackers to inject OS commands via /<webgrind_path_directory>/index.php in dataFile parameter. Reflected Cross-Site Scripting (XSS) vulnerability in Webgrind v1.1 and before, does not sufficiently encode user-controlled inputs, resulting in a reflected Cross-Site Scripting (XSS) vulnerability via the /<webgrind_path_directory>/index.php, in file parameter.
A vulnerability exists in WPS to RTF convert filter that is part of Microsoft Office 2003. It could be exploited by remote attacker to take complete control of an affected system. This issue is due to stack overflow error in function that read secions from WPS file. When we change size of for example TEXT section to number langer than 0x10, stack overflow occurs - very easy to exploit.
Zentao Project Management System 17.0 suffers from an authenticated command injection allowing remote attackers to obtain Remote Code Execution (RCE) on the hosting webserver. The vulnerability lies in the 'model.php' file, specifically in the 'elseif($scm == 'Git')' section. The 'client' parameter, taken from the POST request, is not properly sanitized before being used in a command. An attacker can inject arbitrary commands into the '$client tag' command, leading to command execution.
The vulnerability allows an attacker to cause a denial of service (DoS) condition on the Sysax Multi Server version 6.95. By providing a long string as the password, the application crashes. This can lead to a disruption in the availability of the server.
This exploit allows an authenticated user to execute remote code on MODX Revolution version 2.8.3-pl. The exploit involves abusing the functionality of uploading files by adding the .php file extension to the 'Uploadable File Types' option in 'System Settings'. The attacker can then upload a shell.php file through the Media Browser and gain a reverse shell.
The value of the searchdata request parameter is copied into the HTML document as plain text between tags. The payload cyne7<script>alert(1)</script>yhltm was submitted in the searchdata parameter. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
The XSRF-TOKEN cookie is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server. The payload ../../../../../../../../../../../../../../../../etc/passwd[0x00]eyJpdiI6InhwNlhibUc0K3hrL3RQdHZNYlp5Qnc9PSIsInZhbHVlIjoiU2daQ2YzeFNWSjN4OHZNdEZSMlhiOVpkbGUweDdKSDdXbXc1eitGc3RSTXNFTFBqUGR1ekJOSitUTjcyWVRYTkVzV2lpMDkxb3FHM2k5S1Y2VlZZRGVVN2h2WkpJeGcxZVluVDhrdDkvUDgxN2hTNjY5elRtQllheDlPOEM5aGgiLCJtYWMiOiI4ZDBkMjI0NmFkNDQ2YTA5ZjhkNDI0ZjdhODk0NWUzMjY2OTIxMjRmMzZlZjI4YWMwNmRiYTU5YzRiODE5MDk5IiwidGFnIjoiIn0=
The Owlfiles File Manager 12.0.1 is vulnerable to path traversal and local file inclusion vulnerabilities. An attacker can exploit these vulnerabilities to access sensitive files and directories on the server.
The IOTransfer V4 software on Microsoft Windows Server 2019 Standard Evaluation allows local users to gain privileges via an unquoted service path vulnerability.
The Wordpress Plugin ImageMagick-Engine version 1.7.4 and earlier is vulnerable to remote code execution. An attacker can exploit this vulnerability by sending a specially crafted payload to the admin-ajax.php file, which allows them to execute arbitrary code on the target system.
Services By CQR