A Cross-Site Scripting (XSS) vulnerability was discovered in revive-adserver v5.4.1. An attacker can exploit this vulnerability by sending a malicious link to the admin. If the admin clicks on the link, they will be exposed to XSS.
This exploit allows an attacker to gain access to the FS-S3900-24T4S device by using the telnet protocol. The attacker can use the guest credentials to login and then use the enable command with the super password to gain access to the device. The attacker can then configure the device to create a new user with admin privileges and no password.
OpenEMR <= 7.0.1 is vulnerable to authentication credentials brute force attack. An attacker can bypass the authentication mitigation by using a brute force attack to guess the username and password of the application. This exploit uses a python script to perform the attack.
A stored XSS vulnerability exists in PHPFusion 9.10.30. An attacker can upload a malicious SVG file containing a JavaScript payload to the Fusion file manager, which will be executed when the file is accessed. This can be used to steal cookies, session tokens, or other sensitive information.
SoftExpert (SE) Suite is vulnerable to Local File Inclusion (LFI) vulnerability. An attacker can exploit this vulnerability to gain access to sensitive files on the server. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'managerPath' parameter of the 'defaultframe_filter.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request with maliciously crafted 'managerPath' parameter. This will allow the attacker to read arbitrary files on the server.
The application is prone to insecure file/folder permissions on its default installation path, wrongly allowing some files to be modified by unprivileged users, malicious process and/or threat actor. Attacker can exploit the weakness abusing the 'write' permission of the main application available to all users on the system or network.
The already authenticated attacker can upload HTML files on the server, which is absolutely dangerous and STUPID. In this file, the attacker can be codding a malicious web-socket responder that can connect with some nasty webserver somewhere. It depends on the scenario, the attacker can steal every day very sensitive information, for a very long period of time, until the other users will know that something is not ok with this system, and they decide to stop using her, but maybe they will be too late for this decision.
Admidio is vulnerable to CSV injection when a malicious user sets their postal code to a specially crafted payload. If an admin then exports users as a CSV or Excel file, the payload will be executed on the admin's computer, in this case opening the calculator.
A vulnerability exists in the PHP Restaurants 1.0 software, which allows an attacker to bypass authentication and perform Cross Site Scripting (XSS) attacks. The vulnerability is due to the lack of input validation in the login function of the functions.php file. An attacker can exploit this vulnerability by sending a specially crafted request to the login.php page with an email and password parameter containing an SQL injection payload. This will allow the attacker to bypass authentication and gain access to the admin page. Additionally, an attacker can exploit the Cross Site Scripting (XSS) vulnerability by sending a specially crafted request to the index.php page with a search parameter containing an XSS payload. This will allow the attacker to execute malicious JavaScript code in the context of the web browser.
Access to private files of any user, including admin by changing the id in the GET request.
Services By CQR