Explore Vulnerabilities

Explore all Exploits:

Exploit Primitives for Microsoft Edge

This exploit primitive is used to gain arbitrary read/write access in Microsoft Edge. It uses a combination of a relative read/write primitive and an ArrayBuffer address leak to gain access to the memory of the browser. It then uses a JSView object to read and write data from the memory.

Online Marriage Registration System 1.0 – ‘searchdata’ SQL Injection

A time-based SQL injection vulnerability was discovered in Online Marriage Registration System 1.0, in omrs/user/search.php and in omsr/admin/search.php. The request is authenticated, but it is possible to register a new user account. The vulnerable code is: $sdata=$_POST['searchdata'];

Flexmonster Pivot Table & Charts 2.7.17 – ‘Remote JSON’ Reflected XSS

Cross-site scripting (XSS) vulnerability in the Remote JSON component. The reflected XSS is a result of insufficient input sanitization of the 'path' parameter when fetching the file specifications (file_specs.php). When using this URL the user navigates to a non-existent file (the XSS payload). This results in the execution of the payload.

Flexmonster Pivot Table & Charts 2.7.17 – ‘To remote CSV’ Reflected XSS

Cross-site scripting (XSS) vulnerability in the 'To Remote CSV' component under the 'Open' menu in Flexmonster Pivot Table & Charts 2.7.17. The reflected XSS is a result of insufficient input sanitization of the 'path' parameter when fetching the file specifications (file_specs.php). When using a malicious URL, the user navigates to a non-existent file (the XSS payload), which results in the execution of the payload.

Flexmonster Pivot Table & Charts 2.7.17 – ‘To OLAP’ Reflected XSS

Cross-site scripting (XSS) vulnerability in the To OLAP (XMLA) component under the Connect menu in Flexmonster Pivot Table & Charts 2.7.17. The reflected XSS is a result of insufficient input sanitization of the 'path' parameter when fetching the file specifications (file_specs.php). Below I have provided an example URL. When using this URL the user navigates to a non-existent file (the XSS payload). This results in the execution of the payload.

Flexmonster Pivot Table & Charts 2.7.17 – ‘Remote Report’ Reflected XSS

The reflected XSS is a result of insufficient input sanitization of the 'path' parameter when fetching the file specifications (file_specs.php). When using this URL the user navigates to a non-existent file (the XSS payload). This results in the execution of the payload.

SCO Openserver 5.0.7 – ‘outputform’ Command Injection

The outputform and toclevels parameters appear to be vulnerable to OS command injection attacks. It is possible to use various shell metacharacters to inject arbitrary OS commands. The command output does not appear to be returned in the application's responses; however, it is possible to inject time delay commands to verify the existence of the vulnerability. It is also possible to cause the application to interact with an external domain, to verify that a command was executed. The payload |nslookup -q=cname mytest.com.& was submitted in the parameters. The application performed a DNS lookup for the specified domain name. Additionally, the payload |ping -n 21 127.0.0.1||`ping -c 21 127.0.0.1` #' |ping -n 21 127.0.0.1||`ping -c 21 127.0.0.1` #" |ping -n 21 127.0.0.1 was submitted in the parameters. The application took 20960 milliseconds to respond to the request, compared with 1348 milliseconds for the original request.

Spiceworks 7.5 – HTTP Header Injection

A Host header injection vulnerability may allow an attacker to spoof the Host header, causing the application to render arbitrary links that point to a malicious website in pages built from the poisoned Host header. An issue was discovered in Spiceworks version 7.5.7.0 (other versions may be affected too). The values of the 'Host' headers are implicitly treated as trusted, which should be forbidden. This leads to a potential Host header injection attack, and the affected hosts can also be used for domain fronting, meaning attackers can hide behind them during various other attacks.

Academy-LMS 4.3 – Stored XSS

This exploit allows an attacker to inject malicious code into the Academy-LMS 4.3 application. The attacker can gain access to the admin panel, access the courses page, open the course manager and SEO menu, paste the XSS payload tag and submit. When the course page is accessed on the frontend, the malicious code is triggered.

Recent Exploits: