Hasura GraphQL 1.3.3 – Denial of Service

This exploit is a denial-of-service attack against Hasura GraphQL 1.3.3. It creates a table named 'test_db', inserts a row containing a large string of 'A' characters, and then sends a query that repeats the 'test' field a large number of times; handling that query crashes the server. The exploit was tested on Ubuntu.
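The mechanism above is field duplication: one selection set names the same field over and over, so a single request forces the server to resolve and serialise the large column value many times. The block below is an added example written for this page (not the exploit's own code): it builds such a query from the table and field names in the entry, and shows the guard a server operator would want in front of execution, a repetition counter over each selection set. The 1 MB value length is a constructed assumption; nothing is sent over the network.

```python
"""Duplicate-field amplification in a GraphQL query, and a guard against it."""
import re
from collections import Counter

# Crude tokenizer: selection-set braces and GraphQL names. Arguments, aliases and
# directives are ignored, which is enough to count how often a name is repeated.
_TOKEN = re.compile(r"[{}]|[A-Za-z_][A-Za-z0-9_]*")


def build_duplicate_field_query(table: str, field: str, copies: int) -> str:
    """Select `field` from `table` `copies` times inside one selection set."""
    selection = " ".join([field] * copies)
    return f"query {{ {table} {{ {selection} }} }}"


def max_field_repetition(query: str) -> int:
    """Highest number of times any single name is selected in one selection set."""
    stack: list[Counter] = []
    worst = 0
    for tok in _TOKEN.findall(query):
        if tok == "{":
            stack.append(Counter())
        elif tok == "}":
            if stack:
                worst = max(worst, max(stack.pop().values(), default=0))
        elif stack:  # names outside any braces (the 'query' keyword) are skipped
            stack[-1][tok] += 1
    return worst


def estimated_response_bytes(copies: int, value_len: int, rows: int = 1) -> int:
    """Rough response size if the server serialises every repeated field separately."""
    return copies * value_len * rows


def reject_amplified_query(query: str, max_repeats: int = 10) -> bool:
    """Guard to run before execution: True means the query should be refused."""
    return max_field_repetition(query) > max_repeats


if __name__ == "__main__":
    value_len = 1_000_000  # constructed: one row holding a 1 MB string of 'A's
    q = build_duplicate_field_query("test_db", "test", 1000)
    print("max repetition:", max_field_repetition(q))
    print("estimated response bytes:", estimated_response_bytes(1000, value_len))
    print("reject:", reject_amplified_query(q))
```

The tokenizer is deliberately simple; a production guard would sit on the parsed AST and also bound query depth and total selection count, but the counting logic is the same.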

GravCMS Remote Command Execution

Unauthenticated users can execute a terminal command in the context of the web-server user. The Grav Admin Plugin is an HTML user interface for configuring Grav and for creating and modifying pages. In versions 1.10.7 and earlier, an unauthenticated user can execute some methods of the administrator controller without any credentials. Executing particular methods results in arbitrary YAML file creation or changes to the content of existing YAML files on the system. Successful exploitation of this vulnerability results in configuration changes, such as changes to general site information or custom scheduler job definitions. As a consequence, an adversary can alter parts of the web page, hijack an administrator account, or execute operating-system commands in the context of the web-server user.

Adtran Personal Phone Manager 10.8.1 – DNS Exfiltration

The AdTran Personal Phone Manager software is vulnerable to an issue that allows data to be exfiltrated over DNS. Exposed AdTran Personal Phone Manager web servers could therefore be used as DNS redirectors to tunnel arbitrary data over DNS.
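DNS redirection works because a server that can be made to resolve an attacker-chosen hostname will carry whatever the attacker packs into that hostname to the attacker's authoritative name server. The block below is an added example, not code from the advisory and not specific to AdTran: the encoder shows how bytes are packed into names within the RFC 1035 limits (63 bytes per label, 253 per name), the decoder is what the attacker's authoritative server runs to reassemble them in any order, and the detector is the length-and-entropy heuristic a resolver-log pipeline can apply. The zone name and payload are constructed.

```python
"""Packing data into DNS names, reassembling it, and spotting it in resolver logs."""
import base64
import math
from collections import Counter

MAX_LABEL = 63
MAX_NAME = 253


def encode_dns_names(data: bytes, zone: str) -> list[str]:
    """Split `data` into resolvable names: <seq>.<label>...<label>.<zone>, base32 lowercase."""
    b32 = base64.b32encode(data).decode().rstrip("=").lower()
    # Each label costs up to 64 bytes (63 + dot); one label is reserved for the sequence number.
    labels_per_name = (MAX_NAME - len(zone) - 1) // (MAX_LABEL + 1) - 1
    per_name = labels_per_name * MAX_LABEL
    names = []
    for seq, start in enumerate(range(0, len(b32), per_name)):
        piece = b32[start:start + per_name]
        labels = [piece[i:i + MAX_LABEL] for i in range(0, len(piece), MAX_LABEL)]
        names.append(".".join([f"{seq:04x}", *labels, zone]))
    return names


def decode_dns_names(names: list[str], zone: str) -> bytes:
    """Reassemble the bytes from the names an authoritative server observed (any order)."""
    parts = []
    for name in names:
        labels = name[: -len(zone) - 1].split(".")
        parts.append((int(labels[0], 16), "".join(labels[1:])))
    b32 = "".join(piece for _, piece in sorted(parts)).upper()
    b32 += "=" * (-len(b32) % 8)  # restore the padding the encoder stripped
    return base64.b32decode(b32)


def shannon_entropy(s: str) -> float:
    """Bits per character of `s`; 0.0 for a single repeated character or an empty string."""
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values()) if n else 0.0


def looks_like_tunnel(name: str, min_len: int = 40, min_entropy: float = 3.0) -> bool:
    """Heuristic: long, high-entropy subdomain below the registrable domain (last two labels)."""
    labels = name.rstrip(".").split(".")
    sub = "".join(labels[:-2])
    return len(sub) >= min_len and shannon_entropy(sub) >= min_entropy


if __name__ == "__main__":
    zone = "exfil.example.net"  # constructed attacker-controlled zone
    secret = b"ext=1001;pin=4321;user=alice;mac=00:11:22:33:44:55"  # constructed payload
    names = encode_dns_names(secret, zone)
    for n in names:
        print(n, "->", "TUNNEL" if looks_like_tunnel(n) else "ok")
    assert decode_dns_names(names, zone) == secret
```

The thresholds are a starting point, not a rule: CDN and anti-spam hostnames also carry long hashed labels, so in practice the heuristic is combined with per-client query volume to the same registrable domain and with NXDOMAIN rates.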

Adtran Personal Phone Manager 10.8.1 – ‘Multiple’ Reflected Cross-Site Scripting (XSS)

The AdTran Personal Phone Manager software is vulnerable to multiple reflected cross-site scripting (XSS) issues. These issues affect at minimum version 10.8.1 and below, but potentially later versions as well, since they had not previously been disclosed; only version 10.8.1 could be confirmed during the original research. The issues are triggered by passing a basic XSS payload to vulnerable GET parameters that are reflected in the output without sanitization. This allows several attacks including, but not limited to, hijacking a user's session, modifying a user's configuration settings, and using XSS payloads to capture input (keylogging).

Adtran Personal Phone Manager 10.8.1 – ’emailAddress’ Stored Cross-Site Scripting (XSS)

The AdTran Personal Phone Manager software is vulnerable to an authenticated stored cross-site scripting (XSS) issue. These issues affect at minimum version 10.8.1 and below, but potentially later versions as well, since they had not previously been disclosed; only version 10.8.1 could be confirmed during the original research. The issues are triggered by passing a basic XSS payload to vulnerable POST parameters that are rendered in the output without sanitization. Since the affected forms require authentication, these issues cannot be exploited without credentials.

rconfig 3.9.6 – Arbitrary File Upload to Remote Code Execution (Authenticated) (2)

This exploit allows an authenticated user to upload a malicious file to the server and execute arbitrary code. It targets a vulnerability in rConfig version 3.9.6 and below. The exploit uses a Session object to send a POST request to the server with the malicious file attached; the file contains a PHP script that can be used to execute arbitrary commands on the server.

Tenda D151 & D301 – Configuration Download (Unauthenticated)

This issue allows the current router configuration, including the admin login, to be downloaded simply by requesting {IP}/goform/getimage. The telnet service can also be activated by requesting /goform/telnet. The telnet-activation issue exists in many other Tenda devices too.
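Both paths are plain unauthenticated GETs, so exposure is easy to test for and easy to spot in traffic. The block below is an added example, not code from the original advisory: a probe that requests only the read-only configuration path (the telnet path is deliberately not requested, because the entry says the request itself switches telnet on), with the fetch function injectable so the logic runs offline, and a detector that flags requests to either path in Common Log Format lines from a proxy or IDS placed in front of the device (the log format and the sample lines are constructed assumptions).

```python
"""Probe for the unauthenticated /goform/getimage exposure and flag such requests in logs."""
import re
import urllib.error
import urllib.request
from typing import Callable, List, Tuple

CONFIG_PATH = "/goform/getimage"  # from the advisory: returns the config without auth
TELNET_PATH = "/goform/telnet"    # from the advisory: state-changing, so never probed here

Fetcher = Callable[[str], Tuple[int, bytes]]


def http_fetch(url: str, timeout: float = 5.0) -> Tuple[int, bytes]:
    """Default fetcher: a plain GET with no credentials, returning (status, body)."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as exc:
        return exc.code, exc.read()


def config_exposed(base_url: str, fetch: Fetcher = http_fetch, min_bytes: int = 64) -> bool:
    """True when an unauthenticated GET of the config path returns a non-trivial body."""
    status, body = fetch(base_url.rstrip("/") + CONFIG_PATH)
    return status == 200 and len(body) >= min_bytes


# Common Log Format as written by a reverse proxy or IDS in front of the device (assumption).
_CLF = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def flag_goform_requests(lines) -> List[Tuple[str, str, int]]:
    """Return (source, path, status) for every request to the two sensitive paths."""
    hits = []
    for line in lines:
        m = _CLF.match(line)
        if m and m.group("path").split("?")[0] in (CONFIG_PATH, TELNET_PATH):
            hits.append((m.group("src"), m.group("path"), int(m.group("status"))))
    return hits


# Constructed sample lines; the addresses are documentation ranges, not real hosts.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Mar/2021:10:01:02 +0000] "GET /goform/getimage HTTP/1.1" 200 18432',
    '203.0.113.7 - - [10/Mar/2021:10:01:05 +0000] "GET /goform/telnet HTTP/1.1" 200 0',
    '192.0.2.10 - - [10/Mar/2021:10:02:00 +0000] "GET /index.html HTTP/1.1" 200 512',
]


if __name__ == "__main__":
    import sys

    for src, path, status in flag_goform_requests(SAMPLE_LOG):
        print(f"ALERT {src} requested {path} (status {status})")
    if len(sys.argv) > 1:  # e.g. python probe.py http://192.0.2.1
        print("config exposed:", config_exposed(sys.argv[1]))
```

Run the probe only against devices you are authorised to test; a 200 with a sizeable body is the signal, and the body itself should be handled as credential material.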

RemoteClinic 2 – ‘Multiple’ Cross-Site Scripting (XSS)

A Cross-Site Scripting (XSS) vulnerability was discovered in RemoteClinic 2, which allows an attacker to inject malicious JavaScript code into the application. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'first_name', 'last_name' and 'email' fields when registering a new staff member. An attacker can exploit this vulnerability by sending a specially crafted request to the application, which will result in the execution of arbitrary JavaScript code in the context of the application.

BlackCat CMS 1.3.6 – ‘Multiple’ Stored Cross-Site Scripting (XSS)

BlackCat CMS 1.3.6 is vulnerable to multiple stored cross-site scripting (XSS) attacks. An attacker logged into the admin account at http://TARGET/backend/start/index.php can exploit this by opening 'Addons' and then 'Create new' and entering malicious JavaScript in the 'Module / language name' field, or by opening 'Access' and then 'Manage groups', entering malicious JavaScript in the 'Group name' field and clicking 'Add group'. On successful exploitation, the malicious JavaScript executes in the victim's browser.

WordPress Plugin RSS for Yandex Turbo 1.29 – Stored Cross-Site Scripting (XSS)

A stored cross-site scripting (XSS) vulnerability exists in the WordPress plugin RSS for Yandex Turbo 1.29. An attacker can inject malicious JavaScript payloads into the plugin's user input fields; when the mouse cursor is moved over these fields, the payloads execute and a pop-up is displayed.
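Every XSS entry on this page (the Adtran reflected and stored issues, RemoteClinic's staff registration fields, the BlackCat CMS admin forms and the Yandex Turbo plugin's mouse-over payloads) comes down to the same defect: input is written into HTML without encoding for the context it lands in. The mouse-over variant is the attribute-context case, where a payload closes the quoted value and adds an on* handler. The block below is an added example, not code from any of the listed products: it renders a staff record the way the vulnerable pages do (raw interpolation into element text, an attribute value and a URL attribute), then the same record with context-appropriate encoding, and uses the stdlib HTML parser to report exactly what a browser would execute in each. Payloads and field values are constructed.

```python
"""Output encoding by context: the vulnerable rendering beside the hardened form."""
import html
from html.parser import HTMLParser

SCRIPT_PAYLOAD = "<script>alert(1)</script>"  # element-text context
ATTR_PAYLOAD = '" onmouseover="alert(1)'       # attribute context: breaks out of value="..."
URL_PAYLOAD = "javascript:alert(1)"            # URL attribute context


def render_vulnerable(first_name: str, email: str, site: str) -> str:
    """Writes input unescaped into three different HTML contexts."""
    return (f'<td>{first_name}</td>'
            f'<input name="email" value="{email}">'
            f'<a href="{site}">site</a>')


def render_hardened(first_name: str, email: str, site: str) -> str:
    """Same template with context-appropriate encoding; the href is also scheme-checked."""
    safe_site = site if site.strip().lower().startswith(("http://", "https://")) else "#"
    return (f'<td>{html.escape(first_name)}</td>'
            f'<input name="email" value="{html.escape(email, quote=True)}">'
            f'<a href="{html.escape(safe_site, quote=True)}">site</a>')


class _ExecutableMarkup(HTMLParser):
    """Records constructs that run script: <script>, on* handlers, javascript: URLs."""

    def __init__(self) -> None:
        super().__init__()
        self.findings: list[str] = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names and unescapes attribute values,
        # so an escaped '&quot; onmouseover=' stays inside the value and is not an attribute.
        if tag == "script":
            self.findings.append("script tag")
        for name, value in attrs:
            if name.startswith("on"):
                self.findings.append(f"{tag}@{name}")
            elif name in ("href", "src") and (value or "").strip().lower().startswith("javascript:"):
                self.findings.append(f"{tag}@{name}=javascript:")


def executable_content(markup: str) -> list[str]:
    """Return what a browser would execute in `markup` (empty list means nothing)."""
    sniffer = _ExecutableMarkup()
    sniffer.feed(markup)
    sniffer.close()
    return sniffer.findings


if __name__ == "__main__":
    for label, render in (("vulnerable", render_vulnerable), ("hardened", render_hardened)):
        out = render(SCRIPT_PAYLOAD, ATTR_PAYLOAD, URL_PAYLOAD)
        print(f"{label}: {out}\n  executes: {executable_content(out) or 'nothing'}")
```

html.escape covers element text and quoted attribute values; it does not make a value safe inside a script block, an unquoted attribute, or a URL, which is why the href gets a scheme check rather than just escaping. The parser-based checker is useful as a regression test on rendered pages, but it is not a sanitizer.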
