ReQlogic v11.3 is vulnerable to Reflected Cross-Site Scripting (XSS). An attacker can exploit this vulnerability by sending a malicious payload to the POBatch and WaitDuration parameters. The payload is triggered when the user visits the URL that carries it.
Exploit to gain a reverse shell through Remote Command Execution via API
The `project_id` parameter from the Social Share Buttons-2.2.3 on the WordPress-6.0.2 system appears to be vulnerable to SQL injection attacks. A malicious user can dump and steal the database from this system and use it for very malicious purposes. WARNING: The attacker can retrieve the entire database from this system! NOTE: The users of this system are NOT protected; this SQL vulnerability is CRITICAL!
A Cross-Site Scripting (XSS) vulnerability exists in Moodle, a free and open-source Learning Management System (LMS) written in PHP and distributed under the GNU General Public License. Vulnerable code: line 111 in file "course/search.php": `echo $courserenderer->search_courses($searchcriteria);` Steps to exploit: 1) Go to http://localhost/course/search.php 2) Insert your payload in the "search" Proof of concept (PoC): The following payload will allow you to run the JavaScript: `"><img src=# onerror=alert(document.cookie)>`
This is a PoC for the Metadefender Core Privilege escalation vulnerability. To use this PoC, you need a Username & Password. The OMS_CSRF_TOKEN allows users to execute commands with higher privileges.
Skipper prior to version v0.13.236 is vulnerable to server-side request forgery (SSRF). An attacker can exploit a vulnerable version of the proxy to access the internal metadata server or other unauthenticated URLs by adding a specific header (X-Skipper-Proxy) to the HTTP request.
BoxBilling was vulnerable to Unrestricted File Upload. In order to exploit the vulnerability, an attacker must have a valid authenticated session as admin on the CMS. With at least 1 order of a product, an attacker can upload a malicious file that contains a webshell to a hidden API endpoint and get RCE.
SugarSync installs a service with an unquoted service path. To properly exploit this vulnerability, the local attacker must insert an executable file in the path of the service. Upon service restart or system reboot, the malicious code will be run with elevated privileges.
HDD Health installs a service with an unquoted service path. To properly exploit this vulnerability, the local attacker must insert an executable file in the path of the service. Upon service restart or system reboot, the malicious code will be run with elevated privileges.
This plugin creates a Jetpack from any post type. The slider import search feature and the tab parameter via plugin settings are vulnerable to reflected cross-site scripting.