Explore Vulnerabilities

Explore all Exploits:

Microchip TimeProvider 4100 Grandmaster 2.4.6 SQL Injection

The TimeProvider® 4100 Grandmaster firmware version 2.4.6 is vulnerable to SQL injection in the 'get_chart_data' web resource. The 'channelId' parameter is directly inserted into the SQL query, allowing unauthenticated attackers to manipulate queries and execute malicious SQL commands.

jQuery Prototype Pollution & XSS Exploit

This exploit leverages two vulnerabilities in jQuery: CVE-2020-7656, which allows XSS through improper script handling, and CVE-2019-11358, which leads to XSS via Prototype Pollution. By injecting payloads into a vulnerable page running jQuery versions prior to 3.4.X, malicious actors can run arbitrary JavaScript code in the victim's browser.

X2CRM 8.5 – Stored Cross-Site Scripting (XSS)

X2CRM version 8.5 is vulnerable to stored cross-site scripting (XSS). By entering a malicious XSS payload in the 'Name' field while creating a list under the 'Opportunities' section, an attacker can trigger the stored XSS payload when accessing the 'Lists' tab.

NEWS-BUZZ News Management System 1.0 – SQL Injection

A SQL injection vulnerability exists in the login functionality of NEWS-BUZZ News Management System version 1.0. This vulnerability allows an attacker to manipulate the SQL query by altering the user_name parameter, potentially leading to unauthorized access to the database.

Improper Access on Login Page in WebMethods Integration Server

The login page in the Integration Server in Software AG webMethods 10.15.0 before Core Fix7 allows remote attackers to access the administration panel and obtain server hostname and version information by sending a dummy username and blank password to the login URI. By dropping the request to "/admin/navigation/license", attackers can remain logged in and access sensitive details such as the server's real hostname, version info, and administrative API endpoints.

Solstice Pod API Session Key Extraction via API Endpoint

The exploit leverages an unauthenticated API endpoint (/api/config) on the Solstice Pod to extract sensitive information like the session key, server version, product details, and display name. Attackers can retrieve live session data by accessing this endpoint without proper authentication.

openSIS 9.1 – SQL Injection (Authenticated)

A SQL injection vulnerability was discovered in OS4Ed Open Source Information System Community version 9.1. By manipulating the 'X-Forwarded-For' header parameters in a POST request to /Ajax.php, an attacker can execute malicious SQL queries.

dizqueTV 1.5.3 – Remote Code Execution (RCE)

dizqueTV version 1.5.3 is susceptible to a remote code execution vulnerability that allows attackers to execute unauthorized commands remotely. By manipulating the FFMPEG Executable Path in the settings to include a malicious command like "; cat /etc/passwd && echo 'poc'", an attacker can view the content of /etc/passwd.

reNgine 2.2.0 – Command Injection (Authenticated)

reNgine version 2.2.0 is vulnerable to authenticated command injection. By modifying the nmap_cmd parameters in the yml configuration, an authenticated user can inject commands that execute on the underlying system with the privileges of the application, resulting in unauthorized remote code execution.

Stored Cross-Site Scripting (XSS) in NoteMark

The vulnerability exists in NoteMark version 0.13.0 and below. By injecting a malicious payload into a note and rendering it using the 'Rendered' tab, an attacker can execute arbitrary JavaScript code in the context of the user's session.

Recent Exploits: