Multiple HTML injection vulnerabilities exist in GoAhead Web Server version 2.5 due to insufficient input validation. Exploiting these vulnerabilities allows an attacker to inject and execute HTML code within the context of the affected site.
An SQL injection vulnerability in Online Shopping System Advanced allows attackers to gain unauthorized access to the database by injecting malicious SQL statements through the 'cm' parameter. This can lead to the disclosure of sensitive information like user credentials.
The searchtitle parameter in 101 News-1.0 is vulnerable to SQL injection attacks. By submitting a specific payload in the searchtitle parameter, an attacker can inject a SQL sub-query that calls MySQL's load_file function with a UNC file path pointing to an external domain. This allows the attacker to interact with the external domain, confirming the successful execution of the injected SQL query.
A vulnerability was found in WyreStorm Apollo VX20 devices prior to version 1.3.58, allowing remote attackers to trigger a device restart through an HTTP GET request to the /device/reboot endpoint. This vulnerability is identified as CVE-2024-25736.
The exploit allows an attacker to craft a link that, when visited by an admin, triggers a cross-site scripting (XSS) vulnerability on WonderCMS version 4.3.2. This XSS vulnerability is then leveraged to remotely execute malicious code on the server, enabling the attacker to take control of the system. This exploit script generates a JavaScript file that, when loaded by the admin, sets up a reverse shell to the attacker's specified IP address and port.
DataCube3 v1.0 is affected by an unrestricted file upload vulnerability that can lead to remote code execution. An attacker can exploit this to upload malicious files to the server, potentially allowing them to execute arbitrary commands. This exploit also includes a reverse shell chain and information disclosure, such as leaking root passwords.
The exploit allows an attacker to include local files on the server by manipulating the application domain and providing a local file path. This vulnerability has been assigned CVE-2023-3643.
GL.iNet version 3.216 is vulnerable to remote code execution via the OpenVPN client. An attacker can exploit this vulnerability by adding a malicious configuration file or client, allowing them to execute arbitrary code on the target system. This vulnerability is identified as CVE-2023-46456.
GL.iNet <= 4.3.7 allows an attacker to write arbitrary files. By crafting a specific shadow file and replacing it using the exploit script, the attacker can write to the '/etc/shadow' file. This vulnerability has been assigned CVE-2023-46455.
This exploit targets a vulnerability in Atlassian Confluence servers that allows an attacker to bypass authentication. By sending a specially crafted request, an attacker can create a new admin account without requiring authentication on the targeted Atlassian server.