
Explore Vulnerabilities

Explore all Exploits:

Batflat CMS 1.3.6 – Remote Code Execution (Authenticated)

Batflat CMS version 1.3.6 is vulnerable to authenticated remote code execution. An attacker can exploit this vulnerability by sending a malicious POST request to the add-user endpoint URL with the command to be executed. This vulnerability was discovered by mari0x00 and was assigned CVE-2020-35734.

Apport 2.20 – Local Privilege Escalation

This is a PoC for the Apport exploit; we exploited these bugs by launching a reverse shell to 127.0.0.1:1234. To compile the exploit code, several packages are needed: sudo apt-get install build-essential nasm gcc. The reverse shell will connect on the next execution of logrotate.

Gitea 1.12.5 – Remote Code Execution (Authenticated)

Gitea is vulnerable to authenticated remote code execution. An attacker can exploit this vulnerability by sending a specially crafted request to the vulnerable server. This vulnerability affects Gitea versions >= 1.1.0 to <= 1.12.5. The vulnerability is due to the lack of proper input validation in the 'user/settings/ssh' endpoint. An attacker can exploit this vulnerability to execute arbitrary code on the vulnerable server.

AgataSoft PingMaster Pro 2.1 – Denial of Service (PoC)

AgataSoft PingMaster Pro 2.1 is vulnerable to a denial of service attack. An attacker can create a malicious .txt file containing a large number of 'S' characters and then copy the content of the file into the 'Host name' field in the 'Trace Route' option of the program. This will cause the program to crash.

Managed Switch Port Mapping Tool 2.85.2 – Denial of Service (PoC)

Managed Switch Port Mapping Tool 2.85.2 is vulnerable to a denial of service attack. An attacker can create a file with a large amount of data and paste it into the IP Address and SNMP v1/v2c Read Community Name fields to cause a denial of service.

BlackCat CMS 1.3.6 – 'Display name' Cross Site Scripting (XSS)

To exploit this vulnerability, an attacker logs in to the admin panel and clicks on the admin profile button, then enters the XSS payload " onmouseover=alert(1) " in the Display name field and clicks the Save button. After refreshing the page and hovering the mouse over the Display name field, the XSS message pops up.

Online Internship Management System 1.0 – 'email' SQL Injection Auth Bypass

The application contains SQL injections in the parameters 'email' and 'password' in the file 'login.php'. A curl request for authentication bypass via SQL injection in the parameter 'email' can be used to exploit the vulnerability.

Tasks 9.7.3 – Insecure Permissions

Any installed application on a victim's phone can add arbitrary tasks for the user through insecure IPC handling. A malicious application has several ways to achieve this:

1. By sending multiple intents to the ShareLink activity (com/todoroo/astrid/activity/ShareLinkActivity.java). The Tasks application adds the first requested 'task' to the user's task list.
2. By sending an intent to the VoiceCommand activity (org/tasks/voice/VoiceCommandActivity.java). The application does not validate the intent's origin, so any application can append tasks to the user's task list.

We used the Drozer application to emulate malicious app activity.
