WordPress Modern Events Calendar Lite before 5.16.5 does not properly restrict access to the export files, allowing unauthenticated users to export all event data in CSV or XML format.
WinWaste.NET version 1.0.6183.16475 (from Nica s.r.l., a Zucchetti Group company) allows a local unprivileged user to replace the executable with a malicious file that will be executed with 'LocalSystem' privileges. Attack Vectors: replacing the WinWasteService.exe and/or any tied .dll used by the software.
Allows an attacker to change admin account details by sending a malicious POST request to the server.
CVE-2020-7750 was disclosed on Scratch's official forums on the 21st of October 2020 by the forum user apple502j. The forum thread describes a cross-site scripting (XSS) vulnerability in Scratch and Scratch Desktop prior to 3.17.1. You can exploit the vulnerability by uploading an SVG (*.svg) file WITHOUT the viewBox attribute and embedding a malicious event handler. Example: <svg xmlns:xlink="http://www.w3.org/1999/xlink"><image href="doesNotExist.png" onerror="<INSERT JS PAYLOAD>" /></svg>. The malicious SVG can be uploaded as a sprite or stored within a Scratch project file (*.sb3), which is a regular ZIP archive. The Scratch Desktop version runs on Electron, where the exploit can be used for remote code execution (RCE).
The 'login_user' parameter in the POST authentication request is vulnerable to time-based SQL injection, as follows: Parameter: login_user (POST) Type: time-based blind Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP) Payload: signin_user=1&login_user=1' AND (SELECT 8860 FROM (SELECT(SLEEP(5)))xENj) AND 'OoKG'='OoKG&password_user=1
An authenticated remote code execution vulnerability exists in Online Voting System 1.0. By sending a specially crafted HTTP POST request, an attacker can inject malicious PHP code into the 'image' parameter of the 'save_candidate.php' script. This code will be uploaded to the server and can be executed by accessing the uploaded file with a GET request containing a 'cmd' parameter.
Online Voting System 1.0 is vulnerable to authentication bypass due to an SQL injection vulnerability. An attacker can exploit this vulnerability by sending a specially crafted payload to the application. This will allow the attacker to bypass authentication and gain access to the application.
The admin login of this app is vulnerable to an SQL injection login bypass. Anyone can bypass admin login authentication by entering anything as the username and ' or '1'='1' as the password.
Almost all inputs on the website are vulnerable to stored XSS. An attacker can send a malicious request with a stored XSS payload to the Report Offense page. The payload will be triggered on the Dashboard and Offense list pages.
Apache Superset 1.1.0 is vulnerable to time-based account enumeration. An attacker can use a wordlist to enumerate valid usernames by measuring the response time of the login page. The exploit requires the attacker to have access to the login page and the CSRF token. The attacker can then send a POST request with a valid CSRF token and a username from the wordlist. If the username is valid, the response time will be longer than if the username is invalid. The attacker can then sort the response times to determine which usernames are valid.