Explore Vulnerabilities

Explore all Exploits:

Sync Breeze 13.6.18 – ‘Multiple’ Unquoted Service Path

Sync Breeze 13.6.18 is vulnerable to an unquoted service path vulnerability, which an attacker can exploit to gain elevated privileges on the system. The vulnerability exists because the service paths of the Sync Breeze Server and Sync Breeze Enterprise services are not properly quoted. An attacker can exploit this vulnerability by placing malicious files in the same directory as the service executable and then executing the service.

Unified Office Total Connect Now 1.0 – ‘data’ SQL Injection

An attacker can exploit a SQL injection vulnerability in Unified Office Total Connect Now 1.0 by sending a malicious payload in the 'data' parameter of the 'operatorLogin.php' page. The payload can be used to extract the version of the database. The request is captured in Burp Suite, and the response reveals the MySQL database version.

Teachers Record Management System 1.0 – ‘email’ Stored Cross-site Scripting (XSS)

Teachers Record Management System 1.0 is vulnerable to stored cross-site scripting (XSS) attacks. An attacker can inject malicious JavaScript code into the 'email' field of the 'adminprofile.php' page. When an administrator views the profile page, the malicious code will be executed in the browser, allowing the attacker to perform various malicious activities.

Teachers Record Management System 1.0 – Multiple SQL Injection (Authenticated)

Teachers Record Management System 1.0 is vulnerable to multiple authenticated SQL injection attacks. An attacker can exploit this vulnerability by sending malicious payloads to the application, either via POST request to the search.php page or via GET request to the edit-subjects-detail.php and edit-teacher-detail.php pages. The payloads can be used to bypass authentication and gain access to the application.

OpenEMR 5.0.1.3 – ‘/portal/account/register.php’ Authentication Bypass

An unauthenticated user is able to bypass the Patient Portal Login by simply navigating to the registration page and modifying the requested URL to access the desired page. Normally, access to these pages requires authentication as a patient. If a user were to visit any of those pages unauthenticated, they would be redirected to the login page.

Disk Sorter Enterprise 13.6.12 – ‘Disk Sorter Enterprise’ Unquoted Service Path

Disk Sorter Enterprise 13.6.12 is vulnerable to an unquoted service path vulnerability, which an attacker can exploit to gain elevated privileges on the system. The vulnerability exists because the service path of the Disk Sorter Enterprise service is not properly quoted. An attacker can exploit this vulnerability by placing malicious files in the same directory as the service executable and then executing them with elevated privileges.

DiskPulse 13.6.14 – ‘Multiple’ Unquoted Service Path

DiskPulse 13.6.14 is vulnerable to an unquoted service path vulnerability, which allows an attacker to gain elevated privileges on the system by exploiting the service path. The vulnerability can be discovered by running the 'wmic service get name,displayname,pathname,startmode' command and searching for services with 'Auto' start mode and an unquoted service path. The 'sc qc' command can be used to verify the service path.

Polkit 0.105-26 0.117-2 – Local Privilege Escalation

This exploit is related to CVE-2021-3560, which is a privilege escalation vulnerability in polkit versions 0.105-26 (Ubuntu) and 0.117-2 (Fedora). The exploit creates a new user with administrator privileges, sets the password, and then logs in as the new user. The exploit uses dbus-send timing to bypass authentication.

Brother BRAgent 1.38 – ‘WBA_Agent_Client’ Unquoted Service Path

Brother BRAgent 1.38 is vulnerable to an unquoted service path vulnerability. This vulnerability can be exploited by an attacker to gain elevated privileges on the system. The vulnerability exists due to the service path of the Brother BRAgent service not being properly quoted. An attacker can exploit this vulnerability by creating a malicious executable with the same name as the service path and placing it in the same directory. When the service is started, the malicious executable will be executed with SYSTEM privileges.

Recent Exploits: