
Explore Vulnerabilities


Explore all Exploits:

Kite 1.2021.610.0 – Unquoted Service Path

KiteService is a Windows service installed with Kite 1.2021.610.0. The service is configured to run with the LocalSystem account and has an unquoted service path. This can be exploited by a local attacker to gain elevated privileges.

IOTransfer V4 – Remote Code Execution (RCE)

An unauthenticated attacker can exploit a vulnerability in IOTransfer V4 to execute arbitrary code on the target system. The vulnerability exists in the IOTransfer web server, which listens on port 7193. An attacker can send a specially crafted request to the server to upload a malicious file to the target system. The malicious file can then be executed by the attacker.

Mailhog 1.0.1 – Stored Cross-Site Scripting (XSS)

Malicious users can send API requests to localhost, and these requests are executed without any additional checks. Because there is no CSRF protection and API calls are unrestricted, the stored XSS can be used to issue any API call, including deleting, sending, or reading email.

WSO2 Management Console (Multiple Products) – Unauthenticated Reflected Cross-Site Scripting (XSS)

WSO2 Management Console is vulnerable to unauthenticated reflected cross-site scripting (XSS) attacks. An attacker can craft a malicious URL and send it to an unsuspecting user. When the user clicks on the link, the malicious payload is executed in the user's browser. Affected versions include API Manager 2.2.0, 2.5.0, 2.6.0, 3.0.0, 3.1.0, 3.2.0 and 4.0.0; API Manager Analytics 2.2.0, 2.5.0, and 2.6.0; API Microgateway 2.2.0; Data Analytics Server 3.2.0; Enterprise Integrator 6.2.0, 6.3.0, 6.4.0, 6.5.0, and 6.6.0; IS as Key Manager 5.5.0, 5.6.0, 5.7.0, 5.9.0, and 5.10.0; Identity Server 5.5.0, 5.6.0, 5.7.0, 5.9.0, 5.10.0, and 5.11.0; Identity Server Analytics 5.5.0 and 5.6.0; WSO2 Micro Integrator 1.0.0.

WordPress Plugin Weblizar 8.9 – Backdoor

In the plugin's code, the handler checks the request parameters and finally passes the 'blowf' argument to eval(), which takes a string of PHP code and executes it. The if-condition in that code requires the 'blowfish' and 'blowf' parameters to both be present and non-empty; since eval() executes the value of 'blowf', a single request that sets those two parameters, with the PHP to be run in 'blowf', is enough to trigger the backdoor.

SolarView Compact 6.00 – ‘pow’ Cross-Site Scripting (XSS)

SolarView Compact 6.00 is vulnerable to Cross-Site Scripting (XSS). An attacker can inject malicious JavaScript code into the 'pow' parameter of the Solar_SlideSub.php page. This code will be executed in the browser of the victim when the page is loaded.

SolarView Compact 6.00 – ‘time_begin’ Cross-Site Scripting (XSS)

SolarView Compact 6.00 is vulnerable to Cross-Site Scripting (XSS) due to improper input validation of the 'time_begin' parameter. An attacker can inject malicious JavaScript code into the 'time_begin' parameter of the 'Solar_History.php' page, which will be executed in the browser of the victim when the page is loaded.
