A vulnerability in the Wordpress plugin 'visitors' version 0.3 and prior allows remote attacker through Cross-Site Scripting (XSS) to redirect administrators and visitors and potentially obtain sensitive informations. The 'user-agent' parameter allows attacker to escalate their privileges.
OpenCart is an open source shoping cart system, suffers from Cross-site request forgery through which attacker can manipulate user data via sending him malicious craft url. OpenCart is not using any security token to prevent it against CSRF. It is vulnerable to all location inside User panel.
Stored XSS, also known as persistent XSS, is the more damaging of the two. It occurs when a malicious script is injected directly into a vulnerable web application. This vulnerability can results attacker to inject the XSS payload in Subject field of the mail and each time any user will open that mail of the website, the XSS triggers and attacker can able to steal the cookie according to the crafted payload.
WordPress Plugin wpDiscuz 7.0.4 is vulnerable to a Remote Code Execution vulnerability. An unauthenticated attacker can exploit this vulnerability to upload a malicious PHP webshell and execute arbitrary code on the target system. This vulnerability is due to the lack of proper validation of the uploaded file. The vulnerability is tracked as CVE-2020-24186.
Backup Key Recovery 2.2.7 is vulnerable to a denial of service attack. An attacker can craft a malicious string of 256 A's and paste it into the 'Key' field of the 'Enter Registration Code' window. This will cause the application to crash.
Nsauditor 3.2.3 is vulnerable to a denial of service attack. An attacker can craft a malicious string of 256 A's and paste it into the 'Key' field of the 'Enter Registration Code' window. This will cause the application to crash.
A denial of service vulnerability exists in NBMonitor 1.6.8 due to a buffer overflow when a crafted string of 256 A's is copied to the clipboard and pasted into the 'Key' field when registering the software. This causes the application to crash.
This exploit allows an unauthenticated attacker to upload a webshell to the vulnerable Wordpress Plugin wpDiscuz 7.0.4. The attacker can then use the webshell to execute arbitrary commands on the server. This exploit was discovered by Chloe Chamberland and further developed by Juampa Rodríguez aka UnD3sc0n0c1d0.
This exploit is for Rocket.Chat 3.12.1, which is vulnerable to NoSQL Injection to RCE. The exploit involves sending a password reset email to a low privilege user, using the NoSQL injection to get the token, changing the password, logging in as the low privilege user, getting the admin ID, getting the admin 2FA status, getting the admin secret, getting the admin code, logging in as the admin, and finally executing the RCE.
A stored cross-site scripting (XSS) vulnerability exists in the WordPress Plugin Smart Slider-3 3.5.0.8. An attacker can exploit this vulnerability by entering a malicious JavaScript payload into the 'Name' field when creating a new project. This will cause the malicious JavaScript payload to be stored and executed when the project is viewed. This can lead to the theft of cookies, user redirection to a malicious website, and malicious code execution.
Services By CQR