There is an interesting bug in Mitel's Voice over IP servers that allows discovering the numbers called and the numbers calling through this DHCP server. The server is configurable via an HTTP interface and via telnet; if a call is in progress at the moment of the login/password prompt, the attacker can view the call data information.
In Anuko Time Tracker v1.19.23.5311 and prior, the password reset link emailed to the user does not expire once used, so an attacker could use the same link to take over the victim's account. An attacker needs to have the link for successful exploitation. A malicious user could use the victim's password reset link multiple times to take over the account.
Anuko Time Tracker v1.19.23.5311 and prior lacks a rate limit on the password reset module, which allows attackers to perform a Denial of Service attack on any legitimate user's mailbox. To exploit this vulnerability, the attacker goes to the 'Password Reset' module, enters any user's login name, clicks on 'Reset Password', captures this request, and replays it n number of times.
The ChurchCRM application allows stored XSS via the 'Add new Deposit' module; the payload is rendered when the 'View All Deposits' page is visited. An attacker can inject malicious JavaScript code in the 'Deposit Comment' field, and when a user visits the 'View All Deposits' page, the malicious code will be executed.
CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the List Event Types feature of ChurchCRM v4.2.0 via the Name field, which is not properly handled when exported to a CSV file. To exploit this vulnerability: 1. Log in to the application, go to the 'Events' module and then 'List Event Types' 2. Edit any event and inject the payload =10+20+cmd|' /C calc'!A0 in the 'Name' field 3. Now go to the 'List Event Types' module and click CSV to download the CSV file 4. Open the CSV file and allow all popups; the payload is executed (the calculator is opened).
An attacker can bypass the user login panel with only an email address by using a payload of <email>' OR '1'='1 in both the username and password fields.
The coordinator of the Zigbee network (the Zigbee gateway) does not correctly check the sequence number of the packets sent to it, which allows forging messages from an end device to the coordinator (for example: turning on a light bulb, opening a door, ...) by injecting a very large value in the "sequence number" field.
DotCMS 20.11 is vulnerable to stored cross-site scripting (XSS) in the Template Title parameter. An attacker can inject malicious JavaScript code into the Template Title parameter, which will be executed when the template is viewed. This can be used to steal cookies, hijack sessions, and perform other malicious activities.
Authenticate as a user (or sign up as an artist), go to edit profile, upload a PHP shell as the profile picture and click update/save; the shell is then reachable at 'http://<ip>/<base_url>/pictures/profile/<shell.php>', giving command execution.
Authenticate as a user (or sign up as an artist). Click the drop-down for your username and go to My ART+BAY. Click on My Artworks > My Available Artworks > Add an Artwork. Click on any type of artwork and, instead of the picture, upload a PHP shell, then click on upload. The shell is then reachable at 'http://<ip>/<base_url>/pictures/arts/<shell.php>', giving command execution.