An authorized user can upload a file with a .phar extension to a path of their choice and fully control its content. This results in a remote code execution (RCE) vulnerability.
This module scans for a vulnerability in Microsoft Exchange Server that allows an attacker to bypass authentication and impersonate the admin (CVE-2021-26855). Chaining this bug with a post-authentication arbitrary-file-write vulnerability (CVE-2021-27065) yields code execution. As a result, an unauthenticated attacker can execute arbitrary commands on the Microsoft Exchange Server.
WordPress Plugin WP Statistics 13.0.7 is vulnerable to unauthenticated time-based blind SQL injection. An attacker can exploit this vulnerability to gain access to the website's database. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'ID' parameter of the 'wp-admin/admin.php' page: an attacker can send a specially crafted request to the vulnerable page and inject SQL queries that expose the database. The vulnerability affects versions 13.0 to 13.0.7 of the plugin; the fix is available in version 13.0.8.
A vulnerability has been identified in the way Mozilla Firefox handles downloaded files on Windows. Unlike the other most widely used browsers (Google Chrome, Internet Explorer, Edge), Mozilla Firefox decides how to handle a download based on the 'Content-Type' header. It is possible to 'confuse' Firefox with a combination of the 'Content-Type' header and the file extension, which leads to arbitrary code execution. Specifically, if a server responds with 'Content-Type: text/html' and a filename with the extension '.jpg', Mozilla Firefox shows the end user an 'open-with' dialog asking to open the jpg file with the default program (usually a browser), but downloads the file into the system's temporary folder using the extension '.html'. The downloaded file is then opened with the default program for .html files (a browser). A fake image containing JavaScript code is therefore enough to have that code executed.
A DOM based XSS vulnerability exists in Spotweb 1.4.9. An attacker can exploit this vulnerability by tricking an authenticated user into clicking a malicious link. This can allow the attacker to execute arbitrary JavaScript code in the context of the user's browser.
A successful attempt would require the local user to be able to insert their code in the system root path undetected by the OS or other security applications where it could potentially be executed during application startup or reboot. If successful, the local user's code would execute with the elevated privileges of the application.
ATK Hotkey 1.0.94.0 suffers from an unquoted search path issue impacting the service 'AsHidService'. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. A successful attempt would require the local user to be able to insert their code in the system root path undetected by the OS or other security applications where it could potentially be executed during application startup or reboot. If successful, the local user’s code would execute with the elevated privileges of the application.
An attacker uses Stored XSS to inject malicious content (referred to as the payload), most often JavaScript code, into the target application. If there is no input validation, this malicious code is permanently stored (persisted) by the target application, for example in a database. When a victim opens the affected web page in a browser, the XSS payload is served to the victim's browser as part of the HTML (just as a legitimate comment would be). This means the victim's browser executes the malicious script as soon as the page is viewed.
An attacker can gain access to the admin panel using SQL injection.