Explore Vulnerabilities

Explore all Exploits:

Hasura GraphQL 2.2.0 – Information Disclosure

An information disclosure vulnerability exists in Hasura GraphQL Community 2.2.0. An attacker can send a specially crafted request to the server to leak environment variables. The attacker can send a POST request to the '/v1/metadata' endpoint with a specially crafted payload containing an environment variable key to leak. This can lead to the disclosure of sensitive information.

Attendance and Payroll System v1.0 – SQLi Authentication Bypass

Attendance and Payroll System v1.0 is vulnerable to an authentication bypass through SQL injection. An attacker can exploit this vulnerability by sending a specially crafted payload to the login page of the application. The payload will bypass the authentication and allow the attacker to access the application as an administrator.

part-db 0.5.11 – Remote Code Execution (RCE)

part-db 0.5.11 is vulnerable to Remote Code Execution (RCE) due to improper input validation. An attacker can craft a malicious payload and upload it to the vulnerable application, which can be used to execute arbitrary code on the server. This vulnerability is identified as CVE-2022-0848.

Spring Cloud Gateway 3.1.0 – Remote Code Execution (RCE)

Spring Cloud Gateway versions < 3.0.7 & < 3.1.1 are vulnerable to Remote Code Execution (RCE). An attacker can exploit this vulnerability by sending a malicious payload to the /actuator/gateway/routes/ endpoint, which will execute arbitrary code on the server. The payload is then sent to the /actuator/gateway/refresh endpoint, which will execute the malicious code.

Printix Client 1.3.1106.0 – Remote Code Execution (RCE)

A vulnerability in Printix Client 1.3.1106.0 allows an attacker to execute arbitrary code on the target system. This is achieved by sending a maliciously crafted request to the Printix Client service, which can be used to execute arbitrary code on the target system. The vulnerability is due to improper validation of user-supplied input, which can be exploited to execute arbitrary code on the target system.

Zyxel ZyWALL 2 Plus Internet Security Appliance – Cross-Site Scripting (XSS)

A Cross-Site Scripting (XSS) vulnerability was discovered in the ZyWALL 2 Plus Internet Security Appliance. An attacker can exploit this vulnerability by sending a malicious HTTP request to the vulnerable server. The malicious request contains a malicious payload in the form of an image tag with an onerror attribute that triggers a JavaScript prompt. This can be used to execute arbitrary JavaScript code in the context of the vulnerable server.

Xerte 3.9 – Remote Code Execution (RCE) (Authenticated)

This PoC assumes guest login is enabled and the en-GB language files are used. This PoC will overwrite the existing language file (.inc) for the English index page with a shell. Vulnerable url: https://<host>/website_code/php/import/fileupload.php. The mediapath variable can be used to set the destination of the uploaded file. Create new project from template -> visit "Properties" (! symbol) -> Media and Quota. Create a malicious file and upload it to the server. Execute the malicious file.

Xerte 3.10.3 – Directory Traversal (Authenticated)

This PoC assumes guest login is enabled. Vulnerable url: https://<host>/getfile.php?file=<user-directory>/../../database.php. You can find a userfiles-directory by creating a project and browsing the media menu. Create new project from template -> visit 'Properties' (! symbol) -> Media and Quota -> Click file to download. The userfiles-directory will be noted in the URL and/or when you download a file. They look like: <numbers>-<username>-<templatename>

Casdoor 1.13.0 – SQL Injection (Unauthenticated)

Casdoor is vulnerable to an unauthenticated SQL injection vulnerability due to improper input validation. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. This can allow the attacker to execute arbitrary SQL commands on the underlying database, potentially leading to the disclosure of sensitive information.

Recent Exploits: