The `author` parameter from the AeroCMS-v0.0.1 CMS system appears to be vulnerable to SQL injection attacks. The malicious user can dump-steal the database, from this CMS system and he can use it for very malicious purposes.
The 3dady real-time web stats WordPress plugin is vulnerable to stored XSS. Specifically in the dady_input_text and dady2_input_text fields because the user's input is not properly sanitized which allows the insertion of JavaScript code that can exploit the vulnerability.
The WP-UserOnline plugin for WordPress has multiple Stored Cross-Site Scripting vulnerabilities in versions up to, and including 2.88.0. This is due to the fact that all fields in the “Naming Conventions” section do not properly sanitize user input, nor escape it on output. This makes it possible for authenticated attackers, with administrative privileges, to inject JavaScript code into the setting that will execute whenever a user accesses the injected page.
A vulnerability in Teleport v10.1.1 allows an attacker to execute arbitrary code on the target system by sending a malicious payload to the vulnerable server. The payload is decoded to a bash command which is then executed on the target system.
Feehi CMS 2.1.1 is vulnerable to Remote Code Execution (RCE) when an authenticated user uploads a malicious php script with jpg/png extension, and using Burp suite or any tamper data browser add ons, changes back the extension to php. The malicious script can be accessed at http://feehi-cms.local/uploads/setting/ad/[some_random_id].php
TP-Link Tapo c200 is vulnerable to an unauthenticated remote code execution (RCE) vulnerability. An attacker can exploit this vulnerability by sending a malicious payload to the device. The payload will be executed on the device without any authentication. This vulnerability affects TP-Link Tapo c200 versions 1.1.15 and below.
WiFiMouse 1.8.3.4 is vulnerable to Remote Code Execution (RCE) due to improper input validation. An attacker can send malicious commands to the target system via the MouseServer service on port 1978, which can be used to execute arbitrary code on the target system.
The blink1control2 app (versions <= 2.2.7) utilises an insecure method of password storage which can be found by accessing the /blink1/input url of the api server. Password ciphertext for skype logins and email are listed and can be decrypted.
Email Verification Bypass Leads To Account Takeover in bookwyrm-social/bookwyrm v0.4.3 Due To Lack Of Ratelimit Protection. Create a acount with victims email id. When the account is created, its ask for email confirmation via validating OTP. Enter any random OTP and try to perfrom bruteforce attack and if otp matches, We can takeover that account.
An authentication bypass vulnerability found within the web interface of a Buffalo TeraStation Series Network Attached Storage (NAS) device, allows an unauthenticated malicious actor to gain administrative privileges. Using a proxy tool to intercept the request and responses, it was possible re-intercept the response and modify the JSON data, contained within the body. If you modify the 'success' to 'true' and change 'Pagemode' to '0', this will grant you authentication with administrator privileges, to the NAS.
Services By CQR