
Explore Vulnerabilities


Explore all Exploits:

pfsenseCE v2.6.0 – Anti-brute force protection bypass

This exploit allows an attacker to bypass the anti-brute force protection of pfsenseCE v2.6.0 by using a specially crafted POST request. The exploit is possible due to a lack of proper input validation and authentication checks.

ESET Service 16.0.26.0 – ‘Service ekrn’ Unquoted Service Path

A vulnerability in ESET Service 16.0.26.0 allows an attacker to gain elevated privileges by exploiting an unquoted service path. The vulnerability exists in the 'ekrn' service, which is installed with ESET Security. By exploiting the vulnerability, an attacker can gain SYSTEM privileges on the affected system.

Pentaho BA Server EE 9.3.0.0-428 – Remote Code Execution (RCE) (Unauthenticated)

This exploit allows an unauthenticated attacker to execute arbitrary code on the vulnerable system by exploiting two CVEs, CVE-2022-43769 and CVE-2022-43939. The exploit works by sending a specially crafted request to the server which contains a command to be executed. The command is sent via a URL parameter and is executed using the Java Runtime.getRuntime().exec() method.

ZCBS/ZBBS/ZPBS v4.14k – Reflected Cross-Site Scripting (XSS)

The vulnerability exists due to insufficient sanitization of the 'ident' parameter in the 'objecten.pl' script. A remote attacker can send a specially crafted request to the vulnerable script and execute arbitrary HTML and script code in the victim's browser in the context of the vulnerable website.

X2CRM v6.6/6.9 – Reflected Cross-Site Scripting (XSS) (Authenticated)

X2CRM v6.6/6.9 is vulnerable to Reflected Cross-Site Scripting (XSS) when an authenticated user injects a malicious payload into the vulnerable parameter of a GET request. The payload used in this exploit is '"><body onload="alert(4)">', which displays a JavaScript alert box with the value 4.

X2CRM v6.6/6.9 – Stored Cross-Site Scripting (XSS) (Authenticated)

X2CRM v6.6/6.9 is vulnerable to Stored Cross-Site Scripting (XSS) when an authenticated user injects a malicious payload into the vulnerable parameter of a POST request. The vulnerable parameter is Actions[subject]. An attacker can inject a malicious payload into this parameter and execute arbitrary JavaScript code in the victim's browser.

Recent Exploits: