Navigate CMS 2.9.4 is vulnerable to Server-Side Request Forgery (SSRF) when an authenticated user is able to send a malicious request to the server. This can be exploited to gain access to internal resources, such as the local network, and can be used to perform further attacks. This vulnerability affects Navigate CMS versions 2.9.4 and earlier.
SQL injection is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database. Explore CMS is vulnerable to SQL injection in the 'id' parameter of the 'page' page.
This exploit allows an attacker to traverse the directory structure of the DLINK DAP-1620 A1 v1.01 router by sending a specially crafted HTTP POST request. The request contains a parameter that points to the directory structure of the router, which can be used to access sensitive files such as the /etc/passwd file.
This exploit allows an attacker to execute arbitrary code on a vulnerable PyScript server. The exploit uses the open() function to read the contents of the tasks.py file, which is then printed to the console. The attacker then uses a script tag to inject malicious code into the console.logs array, which is then sent to a remote server via a POST request.
This exploit is a Use After Free vulnerability in Google Chrome versions 76 - 78.0.3904.70. It allows for remote code execution on the target machine.
An authenticated user can exploit an SQL injection vulnerability in the Puncher plugin if it is enabled. The user has to start the puncher and stop it, but upon stopping, an additional parameter 'date' must be passed. The 'date' parameter is then injected with an SQL payload for leaking database contents.
Apache CouchDB is vulnerable to Remote Code Execution (RCE) due to a flaw in the Erlang Cookie. An attacker can exploit this vulnerability by sending a crafted payload to the Erlang Port Mapper Daemon (EPMD) on port 4369. This payload will allow the attacker to execute arbitrary code on the vulnerable system.
Due to software design flaws, an unauthenticated user can communicate over UDP with the 'InstallAssistService.exe' service (the service is running under SYSTEM privileges) and manipulate it to execute a malicious executable without any validation from a remote location and gain SYSTEM privileges.
Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing a malicious image.
An account with administrative privileges can bypass the image upload restriction (stored XSS from an .svg file) by uploading an SVG from localhost -> http://127.0.0.1:8070/xxe_svg2.svg. The user clicks to comment in news, writes any character in the comment field, and clicks elsewhere outside the comment field.