Library System in PHP V1.0 is vulnerable to stored cross-site scripting because of insufficient sanitisation of user-supplied data. An attacker can exploit this vulnerability by entering a malicious payload in the publisher field and clicking on Save. The payload will be stored in the database and executed when the page is loaded.
The True Ranker plugin for WordPress is vulnerable to an unauthenticated arbitrary file read. An attacker can send a specially crafted request to the vulnerable endpoint and read arbitrary files from the server.
This exploit allows an unauthenticated attacker to execute arbitrary code on the target system. The exploit works by uploading a malicious PHP script to the target system, which is then executed by the web server. The malicious script then creates a reverse shell to the attacker's machine, allowing them to execute arbitrary commands on the target system.
This exploit allows an unauthenticated attacker to execute arbitrary code on the vulnerable system by exploiting a SQL injection vulnerability in the Movie Rating System 1.0. The attacker can craft a malicious SQL query to inject malicious code into the vulnerable system, which can then be executed by the web server.
This exploit allows an unauthenticated user to create an admin account on the Movie Rating System 1.0 application. The exploit is achieved by sending a POST request to the classes/Users.php?f=save endpoint with the required parameters. Once the admin account is created, the attacker can log in to the application using the credentials provided.
The plugin does not properly sanitise and escape the refUrl in the refDetails AJAX action, available to any authenticated user, which could allow users with a role as low as subscriber to perform SQL injection attacks.
ConnectWise Control 19.2.24707 is vulnerable to username enumeration. An attacker can use this vulnerability to enumerate valid usernames on the system. This exploit is based on the payloads and headers used in the requests. The exploit uses multiprocessing to speed up the enumeration process.
Contact Form Entries < 1.1.7 is vulnerable to unauthenticated stored cross-site scripting. When the user uploads a new form, CRM Form Entries checks for the client IP in order to save information about the user. The user can set an arbitrary 'HTTP_CLIENT_IP' value, and the value is stored inside the database.
RiteCMS version 3.1.0 and below suffers from an arbitrary file overwrite vulnerability in the Admin Panel. Exploiting the vulnerability allows an authenticated attacker to overwrite any file in the web root (along with any other file on the server that the PHP process user has permission to write). Furthermore, an attacker might leverage the arbitrary file overwrite to modify existing files such as /etc/passwd or /etc/shadow if the PHP process runs as root.
This exploit is a denial of service attack against Siemens S7-300 and S7-400 PLCs. It uses Scapy to send a series of packets with a spoofed source MAC address to the target device, causing it to crash.