Stored XSS via uploading a file in .ofd format. Create a file with the .ofd extension and add an XSS payload inside the file. Log in to showdoc v2.10.2 and go to the file library. Upload the payload to the file library and click on the check button. The XSS payload will be executed once we visit the URL.
An OS Command Injection vulnerability exists in SolarView Compact 6.0. An attacker can send a malicious HTTP request to the vulnerable application in order to execute arbitrary OS commands on the server.
Survey Sparrow Enterprise Survey Software 2022 is vulnerable to Stored Cross-Site Scripting (XSS). An attacker can inject malicious JavaScript code into the application, which will be executed in the browser of the victim when the vulnerable page is accessed. This can be exploited to steal session cookies and hijack user sessions.
Royal Event Management System 1.0 allows SQL Injection via the 'todate' parameter in /royal_event/btndates_report.php#?=. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
A vulnerability in F5 BIG-IP 16.0.x could allow an unauthenticated, remote attacker to execute arbitrary code on the system. The vulnerability is due to improper validation of user-supplied input by the affected software. An attacker could exploit this vulnerability by sending a crafted request to the affected system. A successful exploit could allow the attacker to execute arbitrary code on the system.
This exploit allows an authenticated user to execute arbitrary code on the vulnerable Ruijie Reyee Mesh Router. The vulnerability exists in the updateVersion API endpoint, which allows an attacker to inject arbitrary commands into the jsonparam parameter. The exploit requires the attacker to have valid credentials for the router.
The vulnerability exists due to insufficient sanitization of user-supplied input in the 'search' parameter of the 'admin.php' script when processing a search request. A remote authenticated attacker can execute arbitrary SQL commands in the application's database, cause denial of service, access or modify sensitive data, exploit various vulnerabilities in the underlying SQL server software, etc.
A Cross-Site Request Forgery (CSRF) vulnerability exists in WordPress Plugin Blue Admin 21.06.01, which allows an attacker to inject malicious JavaScript code into the login page of the plugin. By sending a specially crafted request, an attacker can inject arbitrary HTML and script code into the application, potentially allowing the execution of malicious code.
An RCE can be obtained on MyBB's Admin CP in Configuration -> Add New Setting. The user must have rights to add or update settings. This was tested on MyBB 1.8.29. The vulnerability may have existed as early as 1.4.0, since this 'php' checking was introduced in 1.4.0 (https://github.com/mybb/mybb/security/advisories/GHSA-876v-gwgh-w57f).
In the 'forgot password' functionality, it is possible to modify the 'Host' header to inject a malicious host, which allows stealing the token and resetting a victim's password (requires user interaction).