Explore Vulnerabilities

Explore all Exploits:

Online Grading System 1.0 – ‘uname’ SQL Injection

This is a SQL injection vulnerability in the 'uname' parameter of Online Grading System 1.0. An attacker can send a request to the application's login page with a crafted 'uname' parameter containing a SQL query. The query causes the application to sleep for 20 minutes, resulting in a denial of service.

BloofoxCMS 0.5.2.1 – ‘text’ Stored Cross Site Scripting

Log in with a valid username and password. Navigate to the 'articles' tab on the left-hand side. Add a new post, enter the payload "<img src=# onerror=alert('xss')>" in the 'text' parameter, and click the save button. The post is saved successfully. The XSS payload is now stored and triggers every time, and the attacker can steal authenticated users' cookies.

Metasploit Framework 6.0.11 – msfvenom APK template command injection

Metasploit Framework 6.0.11 and Metasploit Pro 4.18.0 are vulnerable to command injection via the msfvenom APK template command. An attacker can craft a malicious APK file with a malicious -dname parameter and use it to execute arbitrary code on the target system.

jQuery UI 1.12.1 – Denial of Service (DoS)

A denial of service vulnerability exists in jQuery UI version 1.12.1 and prior. An attacker can exploit this vulnerability by creating a dialog box with a long title, which will cause the application to crash. This can be done by using the jQuery UI dialog() method and passing a long string as the title parameter.

Umbraco CMS 7.12.4 – Remote Code Execution (Authenticated)

Umbraco CMS 7.12.4 is vulnerable to authenticated Remote Code Execution. An attacker can exploit this vulnerability to execute arbitrary code on the server. This exploit is based on the exploit published in Exploit-DB (https://www.exploit-db.com/exploits/46153). The exploit requires the attacker to have valid credentials to the Umbraco CMS. The exploit uses a malicious XSLT payload to execute the arbitrary code on the server.

OpenEMR 5.0.1 – Remote Code Execution (Authenticated) (2)

OpenEMR is a free and open source electronic health records and medical practice management application. A vulnerability exists in OpenEMR versions prior to 5.0.1 (Patch 4) that allows an authenticated user to execute arbitrary code on the server. This is due to the lack of input validation in the 'interface/main/calendar/add_edit_event.php' script, which allows an attacker to inject arbitrary PHP code into the 'form_comments' parameter. This code is then executed by the server when the 'Save' button is clicked.

CMSUno 1.6.2 – ‘lang/user’ Remote Code Execution (Authenticated)

CMSUno 1.6.1 and 1.6.2 are vulnerable to Remote Code Execution via the 'lang' and 'user' parameters. An authenticated user can execute arbitrary code on the server by sending a specially crafted HTTP request.

EgavilanMedia PHPCRUD 1.0 – ‘Full Name’ Stored Cross Site Scripting

EgavilanMedia PHPCRUD 1.0 is vulnerable to Stored Cross Site Scripting. An attacker can inject malicious JavaScript code into the 'Full Name' parameter, which will be stored in the database and executed when the page is loaded. To exploit this vulnerability, an attacker can go to http://localhost/PHPCRUD/, click on 'add new record' and fill the details with a malicious JavaScript payload, such as ':"><svg onload=alert(1)//'. When the page is reloaded, the malicious payload will be executed.

STVS ProVision 5.9.10 – Cross-Site Request Forgery (Add Admin)

The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.

STVS ProVision 5.9.10 – File Disclosure (Authenticated)

The NVR software ProVision suffers from an authenticated arbitrary file disclosure vulnerability. Input passed through the 'files' parameter in the archive download script (archive.rb) is not properly verified before being used to download files. This can be exploited to disclose the contents of arbitrary and sensitive files.

Recent Exploits: