A vulnerability in Airspan AirSpot 5410 version 0.3.4.1-4 and earlier allows an attacker to execute arbitrary code on the device. The cause is a lack of input validation in the pingDiagnostic.cgi page, which allows an attacker to inject arbitrary commands into the ping command. This can be exploited by sending a specially crafted POST request to the pingDiagnostic.cgi page.
A vulnerability in Mobile Mouse 3.6.0.4 allows an attacker to execute arbitrary code on the target system. The vulnerability exists due to improper validation of user-supplied input. An attacker can exploit it by sending a specially crafted request to the vulnerable application. Successful exploitation could result in arbitrary code execution on the target system.
WordPress Plugin "Netroics Blog Posts Grid" is prone to a stored cross-site scripting (XSS) vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. WordPress Plugin "Netroics Blog Posts Grid" version 1.0 is vulnerable; prior versions may also be affected. Steps to reproduce: log in as Editor > Add testimonial > under Title (the post_title parameter), inject the payload below > Save Draft > Preview the post. Payload: user s1"><img src=x onerror=alert(document.cookie)>.gif The draft post can be viewed using another Editor or Admin account, and the stored XSS will be triggered.
WordPress Plugin "Testimonial Slider and Showcase" is prone to a cross-site scripting (XSS) vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. WordPress Plugin "Testimonial Slider and Showcase" version 2.2.6 is vulnerable; prior versions may also be affected. Steps to reproduce: log in as Editor > Add testimonial > under Title (the post_title parameter), inject the payload below > Save Draft > Preview the post. Payload: test"/><img/src="'/onerror=alert(document.cookie)> The draft post can be viewed using the Editor account or an Admin account, and the XSS will be triggered once clicked.
This vulnerability allows an attacker to gain unauthorized access to the firewall management space by bypassing authentication.
When creating any rule node and putting a script payload inside the description of the rule node, the payload is executed upon hovering over the node within the editor.
When creating any rule node and putting a script payload inside the name of the rule node, the payload is executed upon hovering over the node within the editor.
Feehi CMS 2.1.1 is vulnerable to stored cross-site scripting (XSS). An attacker can inject malicious JavaScript code into the username field of the sign-up form. When a user visits any article page, the malicious code will be triggered and executed.
This exploit assumes that the website uses 'ps_' as the prefix for the table names, since it is the default prefix given by PrestaShop. It finds the length of the current database name, enumerates the name character by character, and then prints it.
After authenticating, an attacker could read arbitrary files using directory traversal if the application is not running as root. If the server has anonymous login enabled, it is possible to read arbitrary files even without authentication.