This module attempts to authenticate using a hard-coded backdoor password in the Simatic S7-300 PLC and dumps the device memory using system commands.
A vulnerability in Joomla's com_osproperty component allows an attacker to upload a malicious file to the server. By accessing the URL http://site/component/osproperty/?task=agent_register, an attacker can complete the form and upload a malicious file instead of a photo. The malicious file will be located in the root /osproperty/agent/ directory.
Shopware 3.5 is vulnerable to SQL Injection. An attacker can inject malicious SQL queries into the vulnerable parameter of the application and gain access to sensitive information stored in the database.
A vulnerability in Joomla's com_KSAdvertiser component allows an attacker to upload a malicious file and bypass the file extension check. This can be exploited to upload a malicious file such as a PHP shell, which can then be used to execute arbitrary code on the vulnerable system.
When submitting a resume, the 'file attachment' upload does not restrict any file types. Attachments are uploaded to the following folder: /wp-content/uploads/rsjp/attachments/. File names are rewritten by the following code in lines 193-197 of /wp-content/plugins/resume-submissions-job-postings/includes/functions.php. When submitting the resume form, attach a shell (c99.php, etc.) or file of your choice as a 'file attachment.' After submitting the form, navigate to /wp-content/uploads/rsjp/attachments/ to find all uploaded attachments. Locate your file by searching for the file extension (.php, etc.) or by file size. Alternatively, your uploaded file can be accessed directly by understanding how the plugin renames files.
Magento eCommerce platform uses a vulnerable version of Zend framework which is prone to XML eXternal Entity Injection attacks. The SimpleXMLElement class of Zend framework (SimpleXML PHP extension) is used in an insecure way to parse XML data. External entities can be specified by adding a specific DOCTYPE element to XML-RPC requests. By exploiting this vulnerability an application may be coerced to open arbitrary files and/or TCP connections.
An attacker is able to create a specially formed CSS that will overcome toStaticHTML's security logic; therefore, after passing the specially crafted CSS string through the toStaticHTML function, it will contain an expression that triggers a JavaScript call. The filtering engine allows the string 'expression(' to exist in 'non-dangerous' locations within the CSS, and a bug in Internet Explorer's CSS parsing engine doesn't properly terminate strings that are opened inside brackets and closed outside of them.
A heap-overflow vulnerability exists in ZipItFast PRO v3.0 due to improper bounds checking of user-supplied data. An attacker can exploit this vulnerability to execute arbitrary code in the context of the application.
The vulnerability allows a remote attacker to inject their own malicious script code into the application side of the vulnerable module. The vulnerability is located in the `name` and `email` values of the `reservation` module. The request method to inject is POST and the attack vector is located on the application side.
The persistent input validation web vulnerability is located in the `add.php` file of the TP Link Gateway v3.12.4 Router Application. Remote attackers are able to inject their own malicious script code into the vulnerable `add.php` file. The request method to inject is POST and the attack vector is located on the application side. The persistent input validation web vulnerability is a client-side issue, which is located in the add function of the `add.php` file. The malicious script code will be executed out of the application scope in the browser of the victim.