This exploit abuses the PHP_SESSION_UPLOAD_PROGRESS parameter to trigger a race condition and gain remote code execution. The script will return a reverse shell using netcat.
XOS-Shop prior to version 1.0.9 suffers from an arbitrary file deletion vulnerability in the Admin Panel. Exploiting the vulnerability allows an authenticated attacker to delete any file in the web root (along with any other file on the server that the PHP process user has permission to delete). Furthermore, an attacker might use arbitrary file deletion to circumvent certain webserver security mechanisms, for example by deleting an .htaccess file, which would deactivate the security constraints it enforces.
A vulnerability in NoteBurner 2.35 could allow an attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient input validation when processing user-supplied data. An attacker could exploit this vulnerability by crafting a malicious file and convincing a user to open it. A successful exploit could cause the application to crash, resulting in a denial of service condition.
A vulnerability in Leawo Prof. Media 11.0.0.1 could allow an attacker to cause a denial of service (DoS) condition. The vulnerability exists due to a boundary error when processing user-supplied input. A remote attacker can create a specially crafted file, trick the victim into opening it, and execute arbitrary code on the system. Successful exploitation of this vulnerability could result in a denial of service condition.
This exploit allows an attacker to dump the entire database of an Elasticsearch instance running versions 7.10.0 to 7.13.3. The exploit works by sending a POST request to the _bulk endpoint of the Elasticsearch instance with a specially crafted payload. This payload will cause the Elasticsearch instance to return the entire database in the response.
An unauthenticated attacker can exploit a vulnerability in Microsoft SharePoint Server 2019 to execute arbitrary code on the target system. The vulnerability exists due to improper validation of user-supplied input in the 'quicklinks.aspx' page. An attacker can send a specially crafted request to the vulnerable page and execute arbitrary code on the target system.
Steps to reproduce: 1. Install WordPress 5.7.2. 2. Install and activate Simple Post. 3. Navigate to Settings >> Simple Post and enter the XSS payload into the Text input field. 4. Click Update Options. Payload used: '><script>alert(document.cookie)</script>
Elasticsearch 7.10.0 to 7.13.3 is susceptible to information disclosure. A user with the ability to submit arbitrary queries can submit a malformed query that results in an error message containing previously used portions of a data buffer. This buffer can contain sensitive information such as Elasticsearch documents or authentication details, thus potentially leading to data modification and/or execution of unauthorized operations.
When unsanitized user input is supplied to a file deletion function, an arbitrary file deletion vulnerability arises. In PHP this occurs when the unlink() function is called and user input can influence part or all of its argument, the path of the file to remove, without sufficient sanitization. Exploiting the vulnerability allows an attacker to delete any file in the web root (along with any other file on the server that the PHP process user has permission to delete). Furthermore, an attacker might use arbitrary file deletion to circumvent certain webserver security mechanisms, for example by deleting an .htaccess file, which would deactivate the security constraints it enforces.
The application suffers from an unauthenticated SQL Injection vulnerability. Input passed through 'input_id' POST parameter in '/http/index.php' is not properly sanitised before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code and bypass the authentication mechanism.