An authenticated user can execute arbitrary code on the vulnerable GitLab 11.4.7 portal by sending a specially crafted payload. The payload contains a malicious command that is executed when the project is created. This exploit was demonstrated in the Real World CTF 2018.
This exploit allows an attacker to gain root privileges on Macally WIFISD2-2A82 2.000.010 devices. The vulnerability is due to an authentication bypass in the web interface. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the web interface. This will allow the attacker to gain access to the telnet interface as the admin user. The attacker can then use the telnet interface to change the admin password and gain root privileges.
Rumble Mail Server version 0.51.3135 is vulnerable to Stored XSS. By sending a specially crafted HTTP POST request to the '/users' endpoint, an attacker can inject malicious JavaScript code into the 'username' parameter. This code will be executed when the user visits the '/users' page.
The parameters `domain` and `path` are vulnerable to stored XSS. An attacker can exploit this vulnerability by sending a malicious POST request with a crafted payload in the `domain` and `path` parameters.
Rumble Mail Server 0.51.3135 is vulnerable to Stored XSS. An attacker can send a malicious POST request with a crafted 'servername' parameter to the '/settings:save' endpoint. This will cause the malicious script to be stored in the application and executed when the page is loaded.
An unauthenticated attacker can access the 'readme.txt' file to reveal the plugin version, the 'env-info.php' file to reveal the server information, and the 'restore-info.json' file to reveal the name and location of the archive containing the backups.
Seacms 11.1 is vulnerable to Stored XSS. An attacker can inject malicious JavaScript code into the 'checkuser' parameter of the 'admin_safe.php' page. When a user visits the page, the malicious code will be executed in the user's browser.
Seacms 11.1 is vulnerable to Local File Inclusion (LFI). An attacker can exploit this vulnerability by sending a specially crafted HTTP request with a malicious payload in the vulnerable parameter 'file'. The payload can be used to read the content of any file on the server, such as C:/windows/system.ini. This can lead to sensitive information disclosure.
Seacms 11.1 is vulnerable to Remote Command Execution due to improper input validation of the 'ip' parameter. An attacker can exploit this vulnerability by sending a specially crafted HTTP POST request with a malicious payload to the vulnerable server. The payload ';phpinfo();//' can be used to execute arbitrary code on the vulnerable server.
MiniWeb HTTP server 0.8.19 allows remote attackers to cause a denial of service (daemon crash) via a long name for the first parameter in a POST request. The vulnerable element is the name of the first parameter of the POST request: if a large number of 'A' characters is sent as 'PARAM_NAME1', the MiniWeb server crashes.