The web administration server for Solar-Log 500, all versions prior to 2.8.2 Build 52, does not require authentication, which allows arbitrary remote attackers to gain administrative privileges simply by connecting to the server. As a result, the attacker can modify configuration files and change the system status.
Grocery crud version 1.6.4 is vulnerable to SQL Injection in the 'order_by' parameter. An attacker can inject malicious SQL code in the 'order_by' parameter of the POST request to the ajax_list page. This can be used to extract data from the database.
The OpenEMR application allows users in all roles to upload files. However, the application does not restrict uploads to an allow-list of file types (e.g. PDF, JPG, PNG, DOCX, etc.). On the contrary, files of any type can be uploaded to the filesystem via the application. While OpenEMR recommends during installation that access to the directory hosting uploaded files be restricted, such recommendations are too often ignored by users, which can result in full compromise of the web server and its data.
Microsoft SharePoint Server 16.0.10372.20060 is vulnerable to a Server-Side Request Forgery (SSRF) vulnerability. An attacker can exploit this vulnerability by sending a specially crafted request to the server. This can allow the attacker to access internal resources that are not normally accessible from the external network.
This stored XSS bug happens when a user uploads an SVG file with the following content: <svg onload="alert(123)"/>.
Exploit POC: Vulnerable path: /file/upload. Parameter: files (POST). Vector: <svg onload="alert(123)"/>.
Accela Civic Platform version 21.1 and below is vulnerable to Cross-Site Scripting (XSS) due to improper validation of user-supplied input in the 'servProvCode' parameter. An attacker can exploit this vulnerability by sending a maliciously crafted request to the vulnerable application. This can allow the attacker to execute arbitrary JavaScript code in the context of the vulnerable application.
Color Notes is vulnerable to a DoS condition when a very long string of characters is entered while creating a note. Successful exploitation causes the application to stop working. The exploit has been tested against iOS 14.2.
TextPattern is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
student.php is prone to an SQL-injection vulnerability because it fails to sanitize user input before inserting it into an SQL query. Exploiting this issue could allow the attacker to compromise the server.
Vulnerable URI: /srms/student.php?class=<injection point>
Parameter: class (GET)
Type: boolean-based blind. Title: OR boolean-based blind - WHERE or HAVING clause (MySQL comment). Payload: class=-6346' OR 3657=3657#&rn=1
Type: error-based. Title: MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR). Payload: class=1' OR (SELECT 3201 FROM(SELECT COUNT(*),CONCAT(0x71786a7171,(SELECT (ELT(3201=3201,1))),0x71766b7a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- hNXT&rn=1
Type: time-based blind. Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP). Payload: class=1' AND (SELECT 1049 FROM (SELECT(SLEEP(5)))gIdB)-- yYYR&rn=1
Type: UNION query. Title: MySQL UNION query (random number) - 7 columns. Payload: class=1' UNION ALL SELECT 8674,8674,8674,CONCAT(0x71786a7171,0x45414967666b57777145704f476d6566766d6f694d707561566e6150744d73505370466e7a6c784c,0x71766b7a71),8674,8674,8674#&rn=1
An unauthenticated attacker can exploit a vulnerability in GravCMS 1.10.7 to perform arbitrary YAML writes/updates. The vulnerability exists due to insufficient validation of user-supplied input in the 'admin/tools/scheduler' endpoint. An attacker can send a specially crafted request to this endpoint to write or update arbitrary YAML. This can allow the attacker to execute arbitrary code on the vulnerable system.