
Explore Vulnerabilities


Explore all Exploits:

SOYAL 701 Client 9.0.1 – Insecure Permissions

The application suffers from an elevation-of-privileges vulnerability: any authenticated user can replace the executable file with a binary of their choice. The vulnerability exists because of improper permissions on the file, which grant the 'F' (Full) flag to the 'Authenticated Users' group.

SOYAL 701 Server 9.0.1 – Insecure Permissions

The application suffers from an elevation-of-privileges vulnerability: any authenticated user can replace the executable file with a binary of their choice. The vulnerability exists because of improper permissions on the file, which grant the 'F' (Full) flag to the 'Everyone' and 'Authenticated Users' groups.

SOYAL Biometric Access Control System 5.0 – ‘Change Admin Password’ CSRF

The application interface allows users to perform certain actions via HTTP requests without any validity check (such as an anti-CSRF token) to verify that the request was intended. This can be exploited to perform those actions with administrative privileges if a logged-in user visits a malicious web site.

CouchCMS 2.2.1 – SSRF via SVG file upload

An issue was discovered in CouchCMS v2.2.1 that allows SSRF via an SVG upload to /couch/includes/kcfinder/browse.php. The upload URL is /couch/includes/kcfinder/browse.php?nonce=[yournonce]&type=file&CKEditor=f_main_content&CKEditorFuncNum=1&langCode=en, and the SVG content contains an xlink:href attribute pointing to a malicious IP address.

Profiling System for Human Resource Management 1.0 – Remote Code Execution (Unauthenticated)

The web application allows an unauthenticated file upload, which can result in Remote Code Execution. An attacker can upload a malicious file containing a reverse shell payload, which can then be triggered to gain access to the system.

BRAdmin Professional 3.75 – ‘BRA_Scheduler’ Unquoted Service Path

This software allows system administrators to view and control the status of their networked Brother and most other SNMP-compliant printing devices. Because the service path is unquoted, if a user can place an executable that is called as 'BRAdmin' under 'C:\Program Files (x86)\Brother', local SYSTEM privileges could be obtained by that user.

Boonex Dolphin 7.4.2 – ‘width’ Stored XSS

A stored XSS vulnerability exists in Boonex Dolphin 7.4.2. An attacker can inject malicious JavaScript code into the 'width' parameter of the 'Pages Builder' page; the code is executed when an authenticated user visits the page. An attacker can use this vulnerability to steal cookies and gain access to the user's account.

Hestia Control Panel 1.3.2 – Arbitrary File Write

Hestia Control Panel version 1.3.2 is vulnerable to arbitrary file write. An attacker can exploit this by sending a specially crafted POST request to the /api/index.php endpoint with the v-make-tmp-file command and the path of the file to be written. This can be used to write an SSH key to the authorized_keys file, allowing the attacker to gain access to the server.
