Explore Vulnerabilities

Explore all Exploits:

OpenEMR 5.0.1.7 – ‘fileName’ Path Traversal (Authenticated)

OpenEMR before 5.0.2 is vulnerable to local file inclusion via the fileName parameter in custom/ajax_download.php. An attacker can download any file that is readable by the web server user from server storage. If the requested file is writable by the web server user and the directory /var/www/openemr/sites/default/documents/cqm_qrda/ exists, the file will be deleted from the server.

Node.JS – ‘node-serialize’ Remote Code Execution (3)

A vulnerability in the node-serialize module of Node.js could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. The vulnerability exists due to improper validation of user-supplied input by the affected software. An attacker could exploit this vulnerability by sending a crafted serialized payload to the targeted system. A successful exploit could allow the attacker to execute arbitrary code on the targeted system.

Dlink DSL2750U – ‘Reboot’ Command Injection

A vulnerability in the Dlink DSL2750U router version 1.6 allows an attacker to inject a malicious reboot command. This is possible because the router's TFTP server accepts the cfg.xml file blindly. An attacker can craft a cfg.xml file with a malicious username and password, and then send it to the router via TFTP. Once the router has accepted the file, the attacker can send a POST request with the malicious reboot command, using the malicious username and password and the sessionid extracted from the previous request. This will cause the router to reboot, allowing the attacker to gain access.

Online Shopping Portal 3.1 – Remote Code Execution (Unauthenticated)

An unauthenticated attacker can exploit a vulnerability in Online Shopping Portal 3.1 to execute arbitrary code on the server. The vulnerability exists due to insufficient validation of user-supplied input in the 'insert-product.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request with malicious PHP code in the 'productImage' parameter. This will allow the attacker to execute arbitrary code on the server.

Workspace ONE Intelligent Hub 20.3.8.0 – ‘VMware Hub Health Monitoring Service’ Unquoted Service Path

The VMware Hub Health Monitoring Service is installed with the Workspace ONE Intelligent Hub 20.3.8.0. The service is configured to start automatically, but the path to the executable is not enclosed in quotation marks, which can allow a local attacker to gain elevated privileges.

Zoho ManageEngine ServiceDesk Plus MSP 9.4 – User Enumeration

Zoho ManageEngine ServiceDesk Plus MSP 9.4 is vulnerable to user enumeration. An attacker can use the ForgotPassword.sd endpoint to enumerate valid users. The endpoint returns a different response size for valid and invalid users.

VX Search 13.5.28 – ‘Multiple’ Unquoted Service Path

VX Search 13.5.28 has an unquoted service path vulnerability. An attacker can exploit it to gain elevated privileges on the system by using the unquoted service path to execute malicious code with elevated privileges.

Dup Scout 13.5.28 – ‘Multiple’ Unquoted Service Path

Dup Scout 13.5.28 has an unquoted service path vulnerability. This vulnerability allows an attacker to gain elevated privileges on the system by exploiting the service path of the application. The service path is not quoted, which allows an attacker to inject malicious code in the service path and gain elevated privileges.

Recent Exploits: