Dell EMC OpenManage Server Administrator (OMSA) versions 9.4 and prior contain multiple path traversal vulnerabilities. An unauthenticated remote attacker could potentially exploit these vulnerabilities by sending a crafted Web API request containing directory traversal character sequences to gain file system access on the compromised management station.
The /servicedesk/customer/portals resource in Jira Service Desk Server and Data Center before version 4.10.0 allows remote attackers with project administrator privileges to inject arbitrary HTML or JavaScript names via a Cross-Site Scripting (XSS) vulnerability by uploading an HTML file.
Mini Mouse 9.2.0 is vulnerable to Path Traversal. An attacker can send a specially crafted HTTP request to the vulnerable server to traverse the file system and read arbitrary files. This can be done by sending a GET request with a path traversal payload in the 'file' parameter. An attacker can also send a POST request with a path traversal payload in the 'path' parameter to list the files in the directory.
This exploit allows an attacker to execute arbitrary code on a vulnerable Mini Mouse 9.2.0 system. The attacker can send a malicious payload to the target system via a POST request to the vulnerable URL. The payload is then downloaded and executed on the target system.
OpenEMR 4.1.0 is vulnerable to a SQL injection vulnerability in the 'u' parameter of the validateUser.php script. An attacker can exploit this vulnerability to extract the username and password hash of all users in the system.
An authentication bypass vulnerability exists in Basic Shopping Cart 1.0, which allows an attacker to bypass authentication by entering ' or '1'='1'# in the username field. This can be exploited by sending a specially crafted POST request to the adminlogin.php page.
An authentication bypass vulnerability exists in Simple Food Website 1.0, which allows an attacker to gain access to the admin panel without valid credentials. This is due to the application not properly validating user input, allowing an attacker to inject malicious SQL code into the username field. By entering ' or '1'='1'# in the username field, an attacker can bypass authentication and gain access to the admin panel.
RockstarService.exe suffers from an elevation of privileges vulnerability which can be used by an 'Authenticated User' to modify the existing executable file of the service with a binary of his choice. The vulnerability exists due to a weak set of permissions being granted to the 'Authenticated Users Group', which grants the (M) flag, aka 'Modify Privilege'.
This exploit allows an unauthenticated attacker to execute arbitrary code on vulnerable F5 BIG-IP devices. Affected versions are 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3, and BIG-IQ 7.1.0.x before 7.1.0.3 and 7.0.0.x before 7.0.0.2. The exploit uses the requests library to send a POST request to the /mgmt/shared/authn/login endpoint with a specially crafted payload. If successful, the response will contain a token which can be used to execute arbitrary code.
phpPgAdmin through 7.13.0 allows remote authenticated users to execute arbitrary code. An attacker can create a table named cmd_exec with one column, add type=text and cmd_out, and try to execute the query via a SQL tab. It will fail because of restrictions on statements. However, the attacker can bypass this step by uploading a .txt file (containing a SQL statement such as "COPY cmd_exec FROM PROGRAM" followed by OS commands) in the Browse bar. This achieves remote command execution via a "SELECT * FROM cmd_exec" statement.