This exploit allows an unauthenticated attacker to execute arbitrary code on the vulnerable system. The attacker can bypass the login page of the Online Diagnostic Lab Management System v1.0 by using a SQL injection attack. The attacker can then upload a malicious PHP file to the server, which can be used to execute arbitrary code on the vulnerable system.
A vulnerability in System Mechanic version 15.5.0.61 allows an attacker to read and write arbitrary data in the kernel memory. This is due to a lack of proper validation of user-supplied input in the AmpIoctlHandler function. An attacker can exploit this vulnerability by sending a specially crafted IOCTL request to the vulnerable driver.
An authenticated SQL injection vulnerability exists in the Translatepress Multilingual WordPress plugin version < 2.3.3. An attacker can exploit this vulnerability by sending a malicious payload to the trp_settings[translation-languages][] parameter in a POST request. The payload is a time-based blind payload that will cause the MySQL database to sleep for 5 seconds.
Authenticated SQL injection vulnerability in the "NEX Forms" WordPress plugin. An attacker can exploit this vulnerability by sending a malicious payload to the "form_id" parameter via a GET request. The payload is a time-based blind payload which will cause a delay in the response. This can be used to extract data from the database.
A vulnerability in the camp Raspberry Pi camera server allows an attacker to bypass authentication by sending a crafted cookie. This can be done by fetching the SHA-512 password hash using one of the methods mentioned in the exploit and then executing a Python snippet to generate a cookie value. This cookie value can then be used to bypass authentication.
The exploit targets a vulnerability present in Atlassian Bitbucket Server and Data Center from version 7.0.0 before version 7.6.17, from version 7.7.0 before version 7.17.10, from version 7.18.0 before version 7.21.4, from version 8.0.0 before version 8.0.3, from version 8.1.0 before version 8.1.3, from version 8.2.0 before version 8.2.2, and from version 8.3.0 before version 8.3.1. The exploit is used to execute a command on the server, and the server responds with an HTTP 500 response containing the stdout output of the executed command.
An attacker can send a malicious request to the vulnerable server using wkhtmltopdf 0.12.6. The malicious request contains an iframe with a source of an attacker-controlled server. This can be used to perform a Server Side Request Forgery (SSRF) attack.
WorkOrder CMS 0.1.0 is vulnerable to SQL Injection. An attacker can bypass authentication by using username: ' or '1'='1 and password: ' or '1'='1. Additionally, an attacker can use error-based, stacked queries, and time-based blind payloads to exploit the vulnerability. The payloads are: error-based: userName=1'='1&password=1/' AND (SELECT 3761 FROM(SELECT COUNT(*),CONCAT(0x7170627071,(SELECT (ELT(3761=3761,1))),0x71787a7871,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- UUhY!1111'/, stacked queries: userName=1'='1&password=1/';SELECT SLEEP(5)#!1111'/, and time-based blind: userName=1'='1&password=1/' AND (SELECT 6822 FROM (SELECT(SLEEP(5)))lYsh)-- YlDI!1111'/.
An XXE vulnerability exists in MAN-EAM-0003 V3.2.4, which allows an attacker to read arbitrary files on the system. By sending a specially crafted XML file to the xmlstatus.cgi page, an attacker can read the contents of the /etc/passwd file. This vulnerability is due to insufficient input validation of user-supplied XML data.
Log in to the AX3200 web UI, go to the diagnostics page and enter 'google.com|ls' as the traceroute target. This will return the file listing; one can also try 'example.com|id' to confirm that all commands are executed as the root user.