An issue was discovered in SonicWall NAS, SonicWall Analyzer version 8.5.0 (other versions may be affected too). The value of the 'Host' header is implicitly trusted while this should be forbidden, leading to a potential host header injection attack; the affected hosts can also be used for domain fronting. This means attackers can hide behind affected hosts during various other attacks. Impact: Host header changed to a different domain (fakedomain.com). Fakedomain.com can be found in two lines in the HTTP response, below are the two lines.
Logitech Media Server 8.2.0 is vulnerable to Cross-Site Scripting (XSS) in the 'Title' field. An attacker can inject malicious JavaScript code into the 'Title' field, which will be executed when the page is loaded. The payload used in the proof-of-concept is '><img src=1 onerror=alert(1)>', which will cause an alert box to be displayed when the page is loaded.
Student Quarterly Grading System v1.0 has a stored XSS vulnerability in the 'Add New Class' function. An attacker can inject malicious JavaScript code into the 'grade' field of the 'Add New Class' form, which will be stored in the database and executed when the page is loaded by a victim.
A SQL injection vulnerability exists in Simple Issue Tracker System 1.0, which allows an attacker to bypass authentication by entering a payload into the username parameter. An attacker can send a POST request to the Actions.php page with a payload of '+OR+1+--+-' in the username parameter and any character in the password parameter to bypass authentication.
Online Learning System v2.0 login pages can be bypassed with a simple SQLi in the username/facultyID/studentID parameters. Steps To Reproduce: 1 - Go to one of the login portals 2 - Enter the payload into the username field as 'bypass' or 1=1-- -' without double-quotes ('bypass' can be anything in this scenario) and type anything you want into the password field. 3 - Click on the 'Login' button and you are logged in as the first user in the database, which is the admin user for the admin portal.
The application does not use any security token to protect it against CSRF. Therefore, a malicious user can add a new administrator user account by using a crafted POST request.
Cypress Solutions CTM-200/CTM-ONE devices are prone to a hard-coded credentials vulnerability. Attackers can exploit this issue to gain access to the affected device and execute arbitrary code with root privileges.
This exploit uses path traversal against Apache HTTP Server 2.4.50 to execute remote code. The exploit is written in Bash and uses curl to send a malicious payload to the target server. The payload contains a command that is executed on the target server. The exploit was tested on Apache HTTP Server 2.4.50.
Keycloak 12.0.1 is vulnerable to Blind Server-Side Request Forgery (SSRF) when an unauthenticated user sends a malicious request_uri parameter to the /auth/realms/master/protocol/openid-connect/auth endpoint. This allows an attacker to send requests from the Keycloak server to any other server on the internet.
A vulnerability exists in the Company's Recruitment Management System 1.0, which allows an unauthenticated attacker to bypass authentication and gain access to the system. This is achieved by entering a payload into the username field as ' or 1=1-- without double-quotes and typing anything into the password field. The vulnerable parameters are 'id' and 'username'. An attacker can also use SQLMap to retrieve tables from the database by using the command 'python sqlmap.py -u http://localhost/employment_application/?page=view_vacancy&id=1 --level=3 --risk=2 --banner --dbms=sqlite --tables'