Simple Task Managing System 1.0 allows SQL Injection via parameters 'login' and 'password' in /TaskManagingSystem/login.php Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latest vulnerabilities in the underlying database.
This exploit is a SQL injection vulnerability in the Art Gallery Management System Project in PHP v 1.0. It allows an attacker to extract the current database name by sending a malicious payload to the vulnerable URL. The payload is crafted to extract the database name character by character.
The `Create Import Feed` option with `glyphicon-glyphicon-paperclip` function appears to be vulnerable to User interaction - Unauthenticated File upload - RCE attacks. The attacker can easily upload a malicious then can execute the file and can get VERY sensitive information about the configuration of this system, after this he can perform a very nasty attack.
Dompdf is a PHP library that is used to generate PDF documents from HTML. A vulnerability exists in versions prior to 1.2.1 that allows an attacker to execute arbitrary code on the server. This is due to the lack of input validation when handling font files. An attacker can craft a malicious font file and send it to the server, which will then be processed by the vulnerable application. This can lead to arbitrary code execution on the server.
An authenticated remote code execution vulnerability exists in Arris Router Firmware 9.1.103. An attacker can send a malicious payload to the router via SNMP to execute arbitrary code on the vulnerable device. This exploit was tested on TG2482A, TG2492, and SBG10 devices.
TitanFTP is vulnerable to a path traversal vulnerability, which can be exploited to gain remote code execution. An attacker can send a specially crafted request to the vulnerable server, which can be used to traverse the file system and execute arbitrary code.
FileZilla is a free and open-source, cross-platform FTP application, consisting of FileZilla Client and FileZilla Server. Clients are available for Windows, Linux, and macOS. Both server and client support FTP and FTPS, while the client can in addition connect to SFTP servers. DLL Library named TextShaping.dll is not present at the FileZilla folder, this file can be loaded with the app. Make malicious .dll file via msfvenom and place at the destination folder. Start listener via nc and execute FileZilla.exe.
EasyNas 1.1.0 is vulnerable to OS Command Injection. An attacker can exploit this vulnerability by sending a malicious payload to the backup.pl page. The payload is then executed with root privileges, allowing the attacker to gain access to the system.
The sophisticated XWorm Trojan is well exploited by EvilCoder, where they collect different features such as ransomware and keylogger TAs to make it more risky for victims. The Trojan assigned to victims suffers from a NULL pointer deference vulnerability, which could lead to a denial of service for the server builder of the threat actor by getting his IP address and port of command and control.
Provide Server v.14.4 is vulnerable to XSS, CSRF and Remote Code Execution (RCE). An attacker can exploit this vulnerability by sending a malicious payload to the vulnerable server. This payload can be used to execute arbitrary code on the server, allowing the attacker to gain access to sensitive information or take control of the server.
Services By CQR