Explore Vulnerabilities

Explore all Exploits:

Franklin Fueling Systems TS-550 – Default Password

An attacker can use dorks to find the panel and send a request to its IP address. If the response contains the passwords, the attacker can crack the hashes using John the Ripper. Most of the panels use the default password 'admin'.

GDidees CMS 3.9.1 – Local File Disclosure

GDidees CMS v3.9.1 and lower versions were discovered to contain a local file disclosure vulnerability via the filename parameter at /_admin/imgdownload.php. imgdownload.php is mainly used by the QR code generation module to download a QR code. The vulnerability occurs in line 4, where the filename parameter, which is opened later, is not filtered or sanitized. Furthermore, the code has no admin session check, although only the admin user should normally be able to download QR codes.

AspEmail 5.6.0.2 – Local Privilege Escalation

AspEmail 5.6.0.2 is vulnerable to local privilege escalation due to weak service permissions and weak binary permissions. An attacker can exploit this vulnerability to gain elevated privileges on the system.

Swagger UI 4.1.3 – User Interface (UI) Misrepresentation of Critical Information

A vulnerability in Swagger UI 4.1.3 allows an attacker to misrepresent critical information in the user interface. This vulnerability can be exploited by sending a malicious request to the target server, which will then return a response containing the malicious data. The attacker can then use this data to gain access to sensitive information or to perform other malicious activities.

Bang Resto v1.0 – ‘Multiple’ SQL Injection

Bang Resto v1.0 is vulnerable to multiple SQL Injection attacks. An attacker can inject malicious SQL queries into the 'btnMenuItemID' parameter to gain access to user, database and version information. An attacker can also use sqlmap to dump the entire database by saving the web request from BurpSuite.

Bang Resto v1.0 – Stored Cross-Site Scripting (XSS)

Bang Resto v1.0 is vulnerable to Stored Cross-Site Scripting (XSS). An attacker can inject malicious JavaScript code into the 'itemName' parameter of the 'menu.php' page. When a victim visits the page, the malicious code will be executed in the victim's browser. This can be used to steal session cookies, hijack user accounts, and perform other malicious activities.

Microsoft Word 16.72.23040900 – Remote Code Execution (RCE)

The attack itself is carried out locally by a user with authentication to the targeted system. An attacker could exploit the vulnerability by convincing a victim, through social engineering, to download and open a specially crafted file from a website, which could lead to a local attack on the victim's computer. The attacker can trick the victim into opening a malicious web page by using a malicious `Word` file, and can then steal credentials and bank account information, and sniff and track all of the victim's traffic without stopping, depending on the scenario.

File Replication Pro 7.5.0 – Privilege Escalation/Password reset due Incorrect Access Control

Incorrect file/folder permissions in Diasoft Corporation's File Replication Pro 7.5.0 allow privilege escalation by replacing a file with another one that will be executed with 'LocalSystem' rights by the Windows Services application. To exploit the vulnerability, a malicious actor or process must weaponize or replace the prunsrv.exe executable, which runs with LocalSystem privileges as the 'frp' (FRPReplicationServer) service, since the application's path grants 'Everyone' full access permissions. Moreover, the 'properties.xml' file in the 'etc' folder inside the program's path contains the hashed password for remote access, stored as a sha1(base64) value that can be modified. Replacing it with a new hash, generated by hashing a string with SHA-1 and encoding its digest via base64, will grant login access to the application with the new password.

Lilac-Reloaded for Nagios 2.0.8 – Remote Code Execution (RCE)

The autodiscovery feature of Lilac-Reloaded for Nagios 2.0.8 lacks any kind of input filtering, allowing an attacker to add their own commands terminated with a semicolon. This can be exploited to execute arbitrary code on the vulnerable system.

Recent Exploits: