Backdrop CMS suffers from a Cross-site Request Forgery Vulnerability allowing Remote Attackers to add a new user with Admin powers and gain Remote Code Execution (RCE) on the Hosting Webserver by uploading a malicious add-on with a crafted PHP file.
This exploit allows an attacker to upload a malicious file to the vulnerable WordPress plugin 3DPrint Lite version 1.9.1.4 by sending a POST request to the admin-ajax.php page with the action parameter set to p3dlite_handle_upload. The malicious file will be uploaded to the wp-content/uploads/p3d/ directory.
Online Reviewer System 1.0 suffers from an Unauthenticated File Upload Vulnerability allowing Remote Attackers to gain Remote Code Execution (RCE) on the Hosting Webserver via uploading a maliciously crafted PHP file that bypasses the image upload filters.
Sentry versions prior to 8.2.2 are vulnerable to an authenticated Remote Code Execution (RCE) vulnerability. An attacker with Superuser privileges can exploit this vulnerability to execute arbitrary code on the vulnerable system. The exploit involves sending a malicious payload to the '/api/0/internal/health/' endpoint of the vulnerable system. The payload is a pickled object which contains a command line argument to execute a reverse shell. The payload is then triggered by sending a request to the same endpoint.
In Cloudron 6.2, the returnTo parameter on the login page is vulnerable to cross-site scripting.
OpenCats 0.9.4-2 is vulnerable to XML External Entity Injection (XXE) when processing user-supplied DOCX files. An attacker can craft a malicious DOCX file containing an XML External Entity declaration in order to read arbitrary files from the server. This can be used to read sensitive files, such as configuration files containing passwords, or to perform server-side request forgery (SSRF) attacks.
e107 is a free website content management system that includes an endpoint that allows remote access. A theme page is misconfigured, causing a security vulnerability. A user account with sufficient permissions is required. The contents of the uploaded 'malicious.zip' file must be too long to read to bypass some security measures. An exploit can be run using python3 exploit.py -u http://example.com -l admin -p Admin123.
The PC Security Management Service, PC Security Management Monitoring Service, and Anti-Malware SDK Protected Service services from TotalAV version 5.15.69 are affected by an unquoted service path (CWE-428) vulnerability, which may allow a user to gain SYSTEM privileges since they all run with higher privileges. To exploit the vulnerability, it is possible to place executable(s) along the path of the unquoted string.
This is a denial-of-service vulnerability in the Yenkee Hornet Gaming Mouse driver, GM312Fltr.sys. It can be triggered by sending a specially crafted IOCTL request to the driver, which will cause the driver to overrun a stack-based buffer and crash the system.
WebsiteBaker Open Source Content Management includes an endpoint that allows remote access. A language page is misconfigured, causing a vulnerability. A user account with sufficient permissions is required. An exploit script was written to bypass some security measures.