A vulnerability in Webmin 1.996 allows an authenticated user to execute arbitrary code on the server. This is due to the lack of input validation in the update.cgi script, which allows an attacker to inject malicious code into the 'u' parameter. This code is then executed by the server when the update is installed.
This script uploads a php reverse shell to the target. NanoCMS does not sanitise the data of an authenticated user while creating webpages. Pages are saved with .php extensions by default, allowing an authenticated attacker access to the underlying system.
A path traversal vulnerability exists in Omnia MPX 1.5.0+r1 which allows an attacker to access sensitive files and user database. By sending a crafted HTTP request to the vulnerable server, an attacker can access the files and user database stored in the server.
mPDF is vulnerable to Local File Inclusion (LFI) vulnerability. An attacker can exploit this vulnerability to read sensitive files from the server. The attacker can craft a malicious payload and send it to the vulnerable server. The payload contains the file name which the attacker wants to read from the server. The attacker can also use the base64 encoded payload to bypass the security filters. The attacker can also use the URL encoded payload to bypass the security filters.
There is a path traversal vulnerability in the browse template feature in CuteEditor for PHP via the 'rename file' option. An attacker with access to CuteEditor functions can write HTML templates to any directory inside the web root.
Some system information may be disclosure. System information is obtained using the 'view' parameter.
It allows an attacker to download the backup file. The backup file can be downloaded using the 'is_daws' parameter.
An unauthenticated user can view the source code of the set_safety.shtml page and search for the variable syspasswd to find the username and password.
The vulnerability allows an attacker to view the username and password of the Wavlink WN533A8 router by accessing the sysinit.shtml page.
A Cross-Site Scripting (XSS) vulnerability exists in Wavlink WN533A8, which allows an attacker to inject malicious JavaScript code into the application. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is due to insufficient validation of user-supplied input in the 'login_page' parameter of the 'login.cgi' script. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server.
Services By CQR