Explore all Exploits:

Eclipse Jetty 11.0.5 – Sensitive File Disclosure

A vulnerability in Eclipse Jetty could allow an unauthenticated, remote attacker to gain access to sensitive information on a targeted system. The vulnerability is due to improper access control of certain files. An attacker could exploit this vulnerability by sending a crafted HTTP request to the targeted system. A successful exploit could allow the attacker to gain access to sensitive information, such as the web.xml file.

WordPress Plugin Hotel Listing 3 – ‘Multiple’ Cross-Site Scripting (XSS)

Multiple persistent input validation web vulnerabilities have been discovered in the official Hotel Listing v3.x WordPress plugin web application. The vulnerabilities allow remote attackers to inject their own malicious script code into the application side of the vulnerable module. They are located in the `myaccount` module, in the vulnerable `name` and `email` input fields. The request method used for injection is POST, and the attack vector is located on the application side.

Codiad 2.8.4 – Remote Code Execution (Authenticated) (4)

A vulnerability in Codiad 2.8.4 allows an authenticated user to execute arbitrary code on the server. An attacker can upload a malicious file to the INF directory and delete it to get the full path of the file. The attacker can then use curl to execute the malicious file and gain a reverse shell.

i3 International Annexxus Cameras Ax-n 5.2.0 – Application Logic Flaw

The application doesn't allow creation of more than one administrator account on the system. This also applies to deletion of the administrative account. The logic behind this restriction can be bypassed by parameter manipulation using dangerous verbs like PUT and DELETE, combined with improper server-side validation. Once a normal account with 'viewer' or 'operator' permissions has been added by the default admin user 'i3admin', a PUT request can be issued to the 'UserPermission' endpoint with the ID of the created account, setting its userType to 'admin' and successfully adding a second administrative account.

Ericsson Network Location MPS – Privilege Escalation (Meow Variant)

This module exploits a privilege escalation vulnerability in Ericsson Network Location Mobile Positioning Systems. It creates a new admin user with a SQL query. Thanks to the Meow variant, it does this with the PostgreSQL password it stole. A low-authority user can therefore gain "admin" authority on the application.

Employee Record Management System 1.2 – ‘empid’ SQL injection (Unauthenticated)

An unauthenticated attacker can exploit a SQL injection vulnerability in Employee Record Management System 1.2 by sending a malicious request to the forgetpassword.php page. The vulnerable parameter is the 'Email' field, which can be used to inject a malicious payload. By sending the payload to the sqlmap tool, an attacker can retrieve all databases from the system.

Dynojet Power Core 2.3.0 – Unquoted Service Path

A successful attempt would require the local user to be able to insert their code in the system root path (depending on the installation path). The service might be executed manually by any authenticated user. If successful, the local user's code would execute with the elevated privileges of Local System.

Mini-XML 3.2 – Heap Overflow

Mini-XML is a small XML parsing library written in C. A heap overflow vulnerability exists in Mini-XML 3.2 due to an incorrect bounds check in the mxml_string_getc() function. An attacker can exploit this vulnerability by providing a specially crafted XML file to the application, resulting in a denial of service or potentially arbitrary code execution.

Recent Exploits: