Explore all Exploits:

SimpleMachinesForum v2.1.1 – Authenticated Remote Code Execution

An authenticated remote code execution vulnerability exists in SimpleMachinesForum v2.1.1. An attacker can exploit this vulnerability by logging in with admin credentials, navigating to Admin => Main => Administration Center => Configuration => Themes and Layout => Modify Themes => "Browse the templates and files in this theme." => Admin.template.php, and inserting malicious PHP code into that template. The inserted code can then be executed without any valid login, so it can be used as a backdoor.

Authenticated SQL Injection in ImpressCMS v1.4.3

An authenticated SQL injection vulnerability exists in ImpressCMS v1.4.3. It can be exploited by sending a malicious POST request to the admin.php file with a crafted value in the vulnerable 'mimetypeid' parameter. An attacker can use this vulnerability to execute arbitrary SQL commands on the vulnerable system.

Password Manager for IIS v2.0 – XSS

A Cross-Site Scripting (XSS) vulnerability exists in Password Manager for IIS v2.0 in the change-user-password function. An attacker can send a malicious payload in the ReturnURL parameter of an HTTP POST request to PasswordManager.dll, which will be executed in the victim's browser. This can be used to steal the victim's cookies and hijack their session.

D-Link DIR 819 A1 – Denial of Service

The D-Link DIR 819 A1 router is vulnerable to a denial of service attack. An attacker can send a specially crafted HTTP request to the router, which causes it to crash and become unresponsive. The vulnerability is due to a buffer overflow in the router's web server. The exploit code is available on GitHub and can be used to send a malicious HTTP request to the router.

GuppY CMS v6.00.10 – Remote Code Execution

A vulnerability in GuppY CMS v6.00.10 allows an attacker to execute arbitrary code on the target system. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'connect.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request with malicious code to the vulnerable script. Successful exploitation of this vulnerability can result in arbitrary code execution on the target system.

NVFLARE < 2.1.4 – Unsafe Deserialization due to Pickle

There is a Remote Code Execution vulnerability in NVFLARE. A connected client can execute arbitrary commands on the server. The vulnerability exists because user data is deserialized with the pickle module. The client generates a malicious data packet like this: aux_message.data["fl_context"].CopyFrom(bytes_to_proto(generate_payload('curl http://127.0.0.1:4321')))

Employee Performance Evaluation System v1.0 – File Inclusion and RCE

The Employee Performance Evaluation System v1.0 suffers from File Inclusion and RCE vulnerabilities. An ordinary user of this system is allowed to submit or upload a malicious file to the server. The user can then remotely execute the included malicious file on the victim's server. This can bring the system down, destroy all the information it holds, or allow that information to be stolen.

D-Link DNR-322L <=2.60B15 – Authenticated Remote Code Execution

The configuration backup from 'Maintenance/System/Configuration Settings' contains the bash script 'rc.init.sh'. The device does not check the integrity of a restored configuration backup, which makes it possible to edit said bash script. This bash script is executed when the device boots.
