Using Docker through an unprotected TCP socket (2375/tcp, maybe 2376/tcp with TLS but without tls-auth), an attacker can create a Docker container with the '/' path of the host server mounted with read/write permissions and use chroot to escape the container jail.
The auth_user parameter is vulnerable to SQL injection. The login can be bypassed.
This exploit allows an attacker to fetch a snapshot from the IP Camera VACRON VIG-US731VE without requiring credentials. It also allows a 'viewer' level user to fetch any camera setting, including the admin user and password.
Stored XSS on exam input textfields and Blind SQL Injection on examapp_UserResult page id parameter.
The Android application is vulnerable to Remote Code Execution via Man-In-The-Middle (MITM) attacks. This is caused by the application sending the user's credentials (username and password) over an unencrypted HTTP GET request, which can be intercepted by an attacker.
The Android application is vulnerable to Remote Code Execution via Man-In-The-Middle (MITM) attacks. This is caused by the application sending the credentials (username and password) over an HTTP GET request, which is vulnerable to MITM attacks.
Due to missing escaping of the backtick character, the following query in the source code is vulnerable. The vulnerability can be triggered via a POST request. The vulnerability exists on this method: GET /actionphp/download.File.php?&file=../../../../../../etc/passwd. It is possible to bypass the implemented restrictions by uploading a malicious file with a double extension, such as 'file.php.txt'.
Blind SQL Injection on Search page, with 'search_author' parameter (POST). sqlmap.py -u 'http://localhost/[PATH]/search/results.html' -p search_author --data 'searchPerformed=1&task=search&searchword=asd&searchCategories%5B%5D=*&search_cuisine=&searchSeasons=&search_author=1&search_max_prep_hours=2&search_max_prep_minutes=0&search_max_cook_hours=2&search_max_cook_minutes=0&search_min_rate=0&search_max_cost=999&currentIngredient=' --random-agent --dbs
Webmin <=1.920 is vulnerable to an unauthenticated remote command execution via the parameter 'old' in password_change.cgi.
This module exploits a remote command execution vulnerability in the Citrix SD-WAN Appliance Version <= v9.1.2.26.561201. The vulnerability exists in a section of the machine's session checking functionality. If the CGISESSID cookie holds shell-command data, it is used in a call to system where the input is processed unsanitized.