The malicious user can request an account from the administrator of this system. Then he can use this vulnerability to destroy or get access to all accounts of this system, even more, worst than ever. The malicious user can upload a very dangerous file on this server, and he can execute it via shell, this is because he can access the upload function from the administrator account.
A stored cross-site scripting (XSS) vulnerability in Palo Alto Network Cortex XSOAR web interface enables an authenticated network-based attacker to store a persistent javascript payload that will perform arbitrary actions in the Cortex XSOAR web interface on behalf of authenticated administrators who encounter the payload during normal operations.
An authenticated user can embed malicious content with XSS into the admin group policy page. Example payload: "/><svg/onload=prompt(document.domain)>"
A Boolean-based SQL injection/Time based SQL vulnerability in the page (/api/users/absence?search_month=1) in Suprema BioStar 2 v2.8.16 allows remote unauthenticated attackers to execute remote arbitrary SQL commands through "values" JSON parameter.
This script is needed to encrypt the serialized payload generated by the ysoserial tool in order to achieve Remote Code Execution.
Medicine Tracker System v1.0 is vulnerable to SQL Injection. An attacker can exploit this vulnerability by sending a maliciously crafted request to the application. This can be done by using a tool such as Burp Suite to capture the request and then using sqlmap to exploit the vulnerability.
An attacker can exploit this vulnerability by crafting a malicious payload and sending it to the vulnerable application. The payload is then executed in the browser of the victim when the vulnerable page is loaded. The payload can be sent to the vulnerable application in various ways such as via a malicious link, via a malicious file, or via a malicious parameter.
Insecure Win32 memory objects in Endpoint Windows Agents in the NetWitness Platform through 12.x allow local and admin Windows user accounts to modify the endpoint agent service configuration: to either disable it completely or run user-supplied code or commands, thereby bypassing tamper-protection features via ACL modification.
In the entab software in fapscampuscare.in, there is a login portal with a UserId field. An authenticated user would enter and get their name as well as other services. However, there should be a rate limit in place, which is not present. As a result, a hacker could bypass the system and obtain other usernames via broken access control. This enables a threat actor to obain the complete full name and user ID of the person.
Joomla! versions 4.0.0 to 4.2.7 are vulnerable to an unauthenticated information disclosure vulnerability. An attacker can exploit this vulnerability to gain access to sensitive information such as the version of Joomla! and the list of installed plugins.
Services By CQR