A denial-of-service vulnerability exists in Telegram Desktop 2.9.2, which allows an attacker to crash the application by creating a file with 9000000 bytes of data and pasting it into the “Write a message…” field. The file, named “output.txt”, is created by running the Python script.
A vulnerability exists in the WordPress Payments Plugin | GetPaid version 2.4.6 that allows an attacker to inject malicious HTML code into the 'Help Text' field of the Payment Form page. The injected HTML is stored in the database and executed successfully, resulting in the display of an image on the right-hand side.
This exploit allows an unauthenticated attacker to execute arbitrary code on the vulnerable system by exploiting a SQL injection vulnerability in the Traffic Offense Management System 1.0. The attacker can bypass the authentication process by sending a crafted SQL query to the Login.php page. The attacker can then find the path of the vulnerable system and send a malicious payload to the server, which will be written to a file and executed.
Confluence Server and Data Center contain an OGNL injection vulnerability that could allow an authenticated user, and in some instances an unauthenticated user, to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5. The vulnerable endpoints can be accessed by a non-administrator user or unauthenticated user if 'Allow people to sign up to create their account' is enabled. To check whether this is enabled go to COG > User Management > User Signup Options.
The ProfilePress WordPress plugin is susceptible to a vulnerability in the user registration component in the ~/src/Classes/RegistrationAuth.php file that makes it possible for users to register on sites as an administrator.
An authenticated path traversal vulnerability allows an attacker to write arbitrary files on the target server.
This exploit allows an unauthenticated attacker to execute arbitrary code on the vulnerable Strapi CMS version 3.0.0-beta.17.4 or lower. The exploit works by resetting the password of the admin user and then using the JWT token to execute arbitrary code on the server. The exploit was tested on Ubuntu 20.04.
Strapi 3.0.0-beta.17.7 is vulnerable to Remote Code Execution (RCE) when an authenticated user sends a malicious payload to the /admin/plugins/install endpoint. This payload is executed in the context of the web server user. An attacker can use this vulnerability to execute arbitrary code on the server.
Strapi CMS before 3.0.0-beta.17.5 allows admin password resets because it mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/strapi-plugin-users-permissions/controllers/Auth.js.
The viewid parameter of the Bus Pass Management System 1.0 is vulnerable to SQL injection. An attacker can exploit this vulnerability by entering a malicious SQL payload into the URL of the vulnerable page. This will result in an SQL error, which can be used to gain access to the system.