MISP version 2.4.171 is prone to a stored cross-site scripting vulnerability. An authenticated attacker can inject malicious scripts into the 'Name' parameter when adding a cluster under the 'Galaxies' section, leading to the execution of arbitrary scripts in the context of the victim's browser. This vulnerability has been assigned CVE-2023-37307.
The Saflok KDF (Key Derivation Function) exploit allows an attacker to derive encryption keys from a 32-bit UID value, resulting in unauthorized access to the system. This vulnerability does not have a CVE assigned yet.
The vulnerability in the Atemio AM 520 HD Full HD satellite receiver with firmware <=2.01 allows an unauthorized attacker to execute system commands with elevated privileges by using the 'getcommand' query in the application, leading to root access.
The exploit involves creating a new process in Linux x64 using the execve() system call with an argument of '/bin//sh'. The argument is encrypted using an XOR operation. The shellcode author is Alexys (0x177git). The exploit code can be found at https://github.com/0x177git/xor-encrypted-execve-sh.
The vulnerability in Microsoft Windows PowerShell allows for code execution by bypassing single quote restrictions. By using a combination of semicolon and ampersand characters, a specially crafted filename can trigger arbitrary code execution and evade PS event logging. This can lead to unauthorized file execution and potential security breaches.
The GYM Management System version 1.0 is vulnerable to stored cross-site scripting (XSS) due to insufficient validation of user-supplied data. An attacker can inject a malicious payload in the 'lname' field, leading to the execution of arbitrary JavaScript code in the context of the victim's browser. This can result in session hijacking, sensitive information theft, or other malicious actions. The vulnerability was detected by Alperen Yozgat.
The exploit allows injection of arbitrary code into a client's game through a crafted payload. The code author holds no liability for any damages caused by the usage of this exploit. By exploiting this vulnerability, an attacker can execute remote code on the target system.
The elFinder web file manager version 2.1.53 allows remote attackers to execute arbitrary commands by uploading a crafted PHP file that leverages the PHP system() function.
Unauthenticated users can exploit the Clinic's Patient Management System version 1.0 by uploading a malicious PHP file in place of a profile picture via the /pms/users.php URL. This allows attackers to execute arbitrary commands on the server without requiring any authentication.
This exploit enables an attacker to establish a reverse shell connection from a system running OSGi v3.8-3.18 or earlier. The vulnerability allows unauthorized remote attackers to execute arbitrary code on the target system.