An issue was discovered that is common to all TP-Link products, including Wi-Fi routers (Wireless AC routers), access points, ADSL + DSL gateways and routers. The issue is an unauthenticated stored cross-site scripting vulnerability in the 'setDefaultHostname' parameter, caused by improper validation of user-supplied input in that parameter. A remote attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable device. The attacker can inject malicious JavaScript code in the 'setDefaultHostname' parameter, which will be stored in the device's configuration. This malicious code will be executed in the context of the user's browser whenever the user visits the vulnerable page.
VSFTPD only allows a certain number of connections to be made to the server, so by repeatedly making new connections to the server, you can block other legitimate users from making a connection, if the number of connections per IP isn't limited.
An authenticated RCE vulnerability was discovered in the WP Super Cache plugin through 1.7.1 for WordPress. The RCE is due to an input validation failure and a weak $cache_path check in the WP Super Cache Settings -> Cache Location option. Direct access to the wp-cache-config.php file is not prohibited, so this vulnerability can be exploited for a web shell injection. Another possible attack vector: from XSS to RCE.
Moodle 3.10.3 is vulnerable to a persistent cross-site scripting vulnerability. An attacker can exploit this vulnerability by creating a new event in the calendar and inserting malicious code in the 'Field Label' field. The malicious code will be stored in the database and will be executed when the event is opened. The malicious code can be in the form of an image tag with an onerror attribute or an embed tag with a base64 encoded script.
Regis Inventory And Monitoring System suffers from a stored cross-site scripting vulnerability on the Item's List Category. An attacker can exploit this vulnerability by logging in as an admin, visiting the item.php page, clicking add a New Item and entering a malicious payload in the 'Generic Name' textbox. After the item values are entered and the form is submitted, an XSS pop-up is triggered.
Dolibarr ERP/CRM 11.0.4 is vulnerable to an authenticated remote code execution (RCE) due to a lack of file upload restrictions. An attacker can exploit this vulnerability by uploading a malicious file with an executable extension, bypassing the file extension blacklist. This can be done by using one of three methods: extension-bypass, file-renaming, or htaccess.
Genexis Platinum-4410 Home Gateway Unit is vulnerable to stored XSS in the 'start_addr' parameter. This could allow attackers to perform malicious actions, as the XSS popup will affect all privileged users. To reproduce, log in to the firmware as any user, navigate to Manage tab --> Security Management, enter any valid value in Start Source Address and fill in all other fields. Click Add. Capture this request in Burp Suite. Enter the payload <script>alert(1)</script> in the 'start_addr' text box and forward the request. Log in again as any user, navigate to Manage tab --> Security Management again, and observe the XSS popup, which shows that the XSS is persistent.
Cross-site scripting vulnerability on modern versions of Linksys Smart-Wifi home routers, caused by an outdated jQuery(strInput) version: <= 1.7.1 (fixed in version 1.9.0). When logging into the router (http://LHOST or http://LHOST:10080), choose 'Click Here' next to 'Dont Have an Account?' or choose 'click here' after 'To login with your Linksys Smart Wi-Fi account'; you will be redirected to a login prompt with both Email Address and Password forms. Make your email address '<img src=0 onerror=alert(XSS)' without the double quotes. The payload will be triggered when the mouse is clicked anywhere within the Email Address form box or when the form is submitted.
This exploit allows an authenticated user to inject arbitrary SQL commands into the 'id' parameter of the 'index.php' page of Ovidentia 6. By exploiting this vulnerability, an attacker can gain access to the database and extract sensitive information.
This vulnerability could permit executing code during startup or reboot with escalated privileges.