Explore Vulnerabilities

Explore all Exploits:

NotrinosERP 0.7 – Authenticated Blind SQL Injection

The endpoint /sales/customer_delivery.php is vulnerable to authenticated time-based blind SQL injection via the GET parameter OrderNumber. The endpoint is reached through Sales - Sales Order Entry - Place Order - Make Delivery Against This Order. The OrderNumber parameter requires a valid order number value. This script was created as a proof of concept to retrieve the database name and version through the blind SQL injection discovered in the application.

Tenda N300 F3 12.01.01.48 – Malformed HTTP Request Header Processing

Tenda N300 F3 12.01.01.48 is vulnerable to a malformed HTTP request header processing vulnerability. An attacker can exploit this vulnerability by sending a specially crafted HTTP request header to the vulnerable device. This will allow the attacker to gain access to the device and decode the password.

MAC 1200R – Directory Traversal

Attackers can easily find the targets through various search engines with keywords 'MAC1200R' && port='8888'. Open the affected website like 'http://IP:8888/web-static/'. For example: http://60.251.151.2:8888/web-static/, http://222.215.15.70:8888/web-static/, http://60.251.151.2:8888/web-static/../../../../../../../../../../../../../../etc/passwd. Attackers can use the directory traversal vulnerability to access the sensitive files on the server.

Docker based datastores for IBM Instana 241-2 243-0 – No Authentication

This exploit allows an attacker to access the Docker based datastores of IBM Instana 241-2 243-0 without authentication. The exploit is achieved by running various commands on the host using the command line arguments parser. The vulnerable versions are 239-0 to 239-2, 241-0 to 241-2, and 243-0; the required version is 241-3. The exploit has been tested on Mac OS.

craftercms 4.x.x – CORS

The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request that allows access from any domain. The application allowed access from the requested origin pwnedhost1.com, a domain that belongs to the attacker. The application allows two-way interaction from the pwnedhost1.com origin. This effectively means that any domain can perform two-way interaction by causing the browser to submit the null origin, for example by issuing the request from a sandboxed iframe. The attacker can use some library of the victim and this can be very dangerous!

Purchase Order Management-1.0 – Local File Inclusion

Purchase Order Management-1.0 suffers from file inclusion vulnerabilities. Users of this system are allowed to submit input into files or upload files to the server. A malicious attacker can get absolute control of this system!

WIMAX SWC-5100W Firmware V(1.11.0.1 :1.9.9.4) – Authenticated RCE

A vulnerability in the WIMAX SWC-5100W Firmware V(1.11.0.1 :1.9.9.4) allows an authenticated user to execute arbitrary code on the device. The vulnerability exists due to insufficient input validation in the cgi-bin/diagnostic.cgi script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable device. Successful exploitation of this vulnerability could lead to remote code execution.

Unified Remote 3.13.0 – Remote Code Execution (RCE)

Due to the use of Access-Control-Allow-Origin: * on the 'Remote' upload endpoint used by Unified Remote Desktop, any internet-originating webpage can make requests in the user's browser to the localhost endpoint to upload a crafted Remote zip file blob. This contains a remote.lua file which will be loaded and executed in the context of the current user. The script below will automatically update the executing command and host the payload delivery webpage, which can be sent to target users or included in site pages as part of social engineering.

Mitel MiCollab AWV 8.1.2.4 and 9.1.3 – Directory Traversal and LFI

A Directory Traversal vulnerability in the web conference component of Mitel MiCollab AWV before 8.1.2.4 and 9.x before 9.1.3 could allow an attacker to access arbitrary files from restricted directories of the server via a crafted URL, due to insufficient access validation. A successful exploit could allow an attacker to access sensitive information from the restricted directories.

Recent Exploits: