Textpattern CMS version 4.8.4 is affected by a persistent cross-site scripting (XSS) vulnerability. An attacker can inject malicious JavaScript code into the URL field of the 'Comments' page in the Textpattern CMS admin panel. When a user visits the page, the malicious code will be executed in the user's browser.
An attacker can upload a malicious file to the web server by exploiting the arbitrary file upload vulnerability in the Online Ordering System 1.0. This vulnerability can be exploited by an attacker to execute arbitrary code on the web server.
A CSRF vulnerability was found in the e107 CMS. An attacker can change the password of any user by sending them a malicious link. The malicious link contains code which, when the link is clicked by the user, changes that user's password.
AnyDesk 5.5.2 is vulnerable to Remote Code Execution. An attacker can send a specially crafted packet to the AnyDesk service on port 50001 to execute arbitrary code. The packet contains a malicious payload which is then executed on the target system.
An authenticated blind and error-based SQL injection vulnerability exists in the Local Services Search Engine Management System (LSSMES) version 1.0. An attacker can exploit this vulnerability by adding a double quote (") in the URL after the editid parameter. This can be exploited to gain access to the database and potentially execute arbitrary code.
A persistent cross-site scripting (XSS) vulnerability exists in Local Services Search Engine Management System (LSSMES) 1.0, which allows an attacker to inject malicious JavaScript code into the application. An attacker can exploit this vulnerability by sending a specially crafted request to the application. The malicious code will be executed in the browser of the victim when the vulnerable page is accessed. This can be used to steal session cookies, hijack user accounts, and perform other malicious activities.
Stored/persistent XSS has been discovered in the Web Based Quiz System created by sourcecodester/janobe. The name parameter of the registration form is affected by this vulnerability. Payload: <script>alert(document.cookie)</script>
A vulnerability in Tiny Tiny RSS before 2020-09-16 allows remote attackers to execute arbitrary code by leveraging the ability to inject arbitrary data into a malicious RSS feed. This is due to the lack of proper input validation in the 'config.php' file. An attacker can craft a malicious RSS feed containing a specially crafted link which can be used to execute arbitrary code on the vulnerable system.
Stored/persistent XSS has been discovered in the Web Based Quiz System created by sourcecodester/janobe. The options parameter used when adding questions is affected by this vulnerability. Payload: </script><script >alert(document.cookie)</script>
The web application allows an unauthenticated file upload, which can result in Remote Code Execution. A Python script is provided to upload a reverse shell PHP file and trigger it by requesting the login page.