
Explore Vulnerabilities


Explore all Exploits:

Pearson Vue VTS 2.3.1911 Installer – VUEApplicationWrapper Unquoted Service Path

The Application Wrapper is the component that automates the Pearson VUE Testing System. The Wrapper is a scheduler that runs in the background on the test center’s server. The VUEApplicationWrapper service has an unquoted service path vulnerability, and insecure file permissions on the "Pearson VUE" directory allow everyone to overwrite its contents, so an unauthorized local user can escalate privileges to the VUEService user, which has administrative rights.

Global Registration Service 1.0.0.3 – ‘GREGsvc.exe’ Unquoted Service Path

A successful attempt would require the local user to be able to insert their code in the system root path undetected by the OS or other security applications where it could potentially be executed during application startup or reboot. If successful, the local user's code would execute with the elevated privileges of the application.

Social Networking Site – Authentication Bypass (SQli)

An attacker could bypass authentication using a simple SQLi login bypass payload. The vulnerable code is located in the signin_form.php file, with the entry point at lines 7 and 8, and the exit point at line 10. The payload used is username: gh1mau@gh1mau.com and password: ' or '1'='1.

Pandora FMS 7.0 NG 749 – Multiple Persistent Cross-Site Scripting Vulnerabilities

A persistent cross-site scripting vulnerability exists in the 'Edit OS' and 'Private Enterprise Numbers' functionalities of Pandora FMS. Vulnerable parameters include 'name', 'description', 'manufacturer' and 'description'.

Medical Center Portal Management System 1.0 – ‘login’ SQL Injection

Medical Center Portal Management System 1.0 is vulnerable to SQL Injection. An attacker can exploit this vulnerability by sending malicious SQL queries to the application. This can be done by sending a specially crafted HTTP POST request to the processlogin.php page with malicious SQL queries in the user and password parameters.

LEPTON CMS 4.7.0 – ‘URL’ Persistent Cross-Site Scripting

Stored XSS, also known as persistent XSS, is the more damaging of the two. It occurs when a malicious script is injected directly into a vulnerable web application. Reflected XSS involves the reflecting of a malicious script off of a web application, onto a user's browser.

Tailor Management System 1.0 – Unrestricted File Upload to Remote Code Execution

Tailor Management System 1.0 is vulnerable to unrestricted file upload leading to remote code execution. An attacker can create a malicious image with the command 'exiftool -Comment='<?php system($_GET['cmd']); ?>' r0b0t.jpg' and rename the malicious image to have a '.php' extension. Then, the attacker can log in to the CMS with any valid user credentials, select Measurement Settings and click on 'Set Measurement Parts', fill in the required details and upload the malicious image. After that, the attacker can select Measurement Settings and click on 'View/Edit Measurement Parts', use the search filter to find the measurement and click on 'edit' to edit details. Then, the attacker can right-click on the broken image and copy the image location. Finally, the attacker can paste the image location in a browser and execute arbitrary commands.

Multi Restaurant Table Reservation System 1.0 – Multiple Persistent XSS

Multiple persistent cross-site scripting vulnerabilities in Multi Restaurant Table Reservation System allow an attacker to gain sensitive information. The vulnerability is triggered by adding a payload in the Restaurant Name field in profile.php and the Table Name field in table-add.php.

Setelsa Conacwin 3.7.1.2 – Local File Inclusion

A local file inclusion vulnerability exists in Setelsa Conacwin 3.7.1.2, which allows an attacker to include a local file on the web server. This can be exploited by sending a specially crafted HTTP request containing directory traversal characters (e.g. '../') to the vulnerable server. This can allow an attacker to gain access to sensitive information or execute arbitrary code on the server.

Recent Exploits: