Explore Vulnerabilities

Explore all Exploits:

Cyclos 4.14.7 – ‘groupId’ DOM Based Cross-Site Scripting (XSS)

A DOM-based cross-site scripting (XSS) vulnerability in account registration in Cyclos 4 PRO.14.7 and prior allows remote attackers to inject arbitrary web script or HTML via the 'groupId' parameter. An attacker sends a crafted URL [IP]/#users.users.public-registration!groupId=1%27%22%3E%3Cimg%20src=x%20onerror=alert(document.domain)%3E to a victim. When the victim opens the URL, the XSS is triggered.

ManageEngine ADSelfService Plus Build 6118 – NTLMv2 Hash Exposure

ManageEngine ADSelfService Plus Build 6118 is vulnerable to NTLMv2 hash exposure. An attacker can exploit this vulnerability by setting up an SMB server to capture the NTLMv2 hash and relaying it to SMB or LDAP. The attacker can then run the exploit to obtain the NTLMv2 hash of the user/computer account that runs the ADSelfService in five minutes.

Wondershare Dr.Fone 11.4.10 – Insecure File Permissions

The application 'Wondershare Dr.Fone' comes with 3 services: DFWSIDService, ElevationService, and Wondershare InstallAssist. All the folders that contain the binaries for the services have weak permissions, which allow any authenticated user to get SYSTEM privileges. First, we need to check if the services are running using the command 'wmic service get name,displayname,pathname,startmode,startname,state | findstr /I wondershare'. Then, we need to check if we have enough privileges to replace the binaries using the command 'icacls'.

UDisk Monitor Z5 Phone – ‘MonServiceUDisk.exe’ Unquoted Service Path

The UDisk Monitor Z5 Phone service has an unquoted service path vulnerability, which allows an attacker to gain elevated privileges on the system. The service is installed with the Android_USB_Driver_Z package and is set to start automatically. The service path is not quoted, allowing an attacker to inject malicious code into the path.

SAP BusinessObjects Intelligence 4.3 – XML External Entity (XXE)

SAP BusinessObjects Intelligence 4.3 is vulnerable to XML External Entity (XXE) attacks. An attacker can send a specially crafted XML request to the application and use it to read arbitrary files on the server or perform remote requests. The attacker can also use the XXE vulnerability to perform server-side request forgery (SSRF) attacks.

Bitrix24 – Remote Code Execution (RCE) (Authenticated)

Bitrix24 is a web-based collaboration platform that allows users to manage their projects, tasks, documents, and customer relationships. A vulnerability in the platform allows an authenticated user to execute arbitrary code on the server. This exploit was discovered by picaro_o in April 2022 and tested on Linux OS. The exploit requires the user to provide the Bitrix URL, username, and password. The exploit then uses a POST request to authenticate the user and a GET request to extract the session ID. The exploit then uses a POST request to execute the arbitrary code on the server.

Bookeen Notea – Directory Traversal

The affected version of the Bookeen Notea System Update is prone to a directory traversal vulnerability in its note Export function. The vulnerability can be triggered by creating a note or using an existing note on the device, renaming it to '../../../../../../', and then selecting 'export' and 'View' from the menu that appears. This allows access to and exploration of the device filesystem.

Recent Exploits: