A blind SQL injection vulnerability is present in Ajax Load More. An attacker can send a POST request with a crafted payload in the vulnerable 'id' parameter in order to execute arbitrary SQL queries.
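The mechanism behind a boolean-based blind injection on an 'id' parameter, shown as an added example (not code from the affected plugin): a handler that splices the parameter into the query text, the character-by-character extraction that the true/false answer allows, and the parameterised version that closes it. The schema, the tables 'posts' and 'users', the secret value and the function names are all constructed here for illustration.

```python
"""Boolean-based blind SQL injection via an 'id' parameter, and the fix.

Added example. Only the pattern (a string-built query on 'id' whose result
leaks as present/absent) mirrors the advisory; all data is constructed.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    # Constructed sample data: a public table and a secret the attacker wants.
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT);
        INSERT INTO posts VALUES (1, 'hello'), (2, 'world');
        CREATE TABLE users (id INTEGER PRIMARY KEY, pass_hash TEXT);
        INSERT INTO users VALUES (1, 'ab12');
        """
    )
    return conn


def vulnerable_post_exists(conn: sqlite3.Connection, post_id: str) -> bool:
    # VULNERABLE: the POST parameter is concatenated into the SQL text.
    # The caller only learns whether a row came back (blind), never its content.
    sql = f"SELECT title FROM posts WHERE id = {post_id}"
    return conn.execute(sql).fetchone() is not None


def safe_post_exists(conn: sqlite3.Connection, post_id: str) -> bool:
    # FIXED: the value is type-checked and bound as a parameter, so it is only data.
    try:
        pid = int(post_id)
    except ValueError:
        return False
    row = conn.execute("SELECT title FROM posts WHERE id = ?", (pid,)).fetchone()
    return row is not None


def extract_secret(oracle, length: int) -> str:
    """Recover users.pass_hash one character at a time from a true/false oracle.

    oracle(payload) -> bool is whatever the application exposes as
    'row found' / 'row not found' for the supplied 'id' value.
    """
    alphabet = "0123456789abcdef"
    recovered = ""
    for pos in range(1, length + 1):
        for ch in alphabet:
            # A condition appended to a valid id: the row only comes back when
            # the guessed character at this position is right.
            payload = (f"1 AND (SELECT substr(pass_hash,{pos},1) "
                       f"FROM users WHERE id=1) = '{ch}'")
            if oracle(payload):
                recovered += ch
                break
        else:
            break  # no character matched: the oracle is not injectable here
    return recovered


if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", extract_secret(lambda p: vulnerable_post_exists(db, p), 4))
    print("fixed:     ", repr(extract_secret(lambda p: safe_post_exists(db, p), 4)))
```

With the string-built handler the four hex characters come out after at most 64 requests; against the parameterised handler every payload fails the integer check and nothing is recovered.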
I found an unrestricted upload vulnerability in Moodle version 3.8 that allows an attacker to upload or transfer files of dangerous types.
All API endpoints served on port 9877 under '/api/ams/', some of which are reachable without authentication, accept an additional custom header called 'Shard'. The value of this header is then used to construct a separate web request that the application sends using a urllib.request.urlopen call. This can be abused to conduct SSRF attacks against otherwise unreachable internal Acronis services bound to localhost, such as the 'NotificationService' running on 127.0.0.1:30572, with a request header like: Shard: localhost:30572/external_email?
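How a header value like the one above becomes an SSRF when it is spliced into the URL handed to urllib.request.urlopen, and the validation that prevents it. This is an added example, not Acronis code: the internal path '/v1/status', the allowlist of shard hostnames, the upstream port and the function names are assumptions; the header name 'Shard', the port 9877 and the sample header value come from the advisory. No request is actually sent; the block only builds and inspects the URL that would be fetched.

```python
"""SSRF through an attacker-controlled 'Shard' header, and a hardened builder.

Added example, not Acronis code. ALLOWED_SHARDS, the '/v1/status' path and
the upstream port 9877 are assumptions for illustration.
"""
from urllib.parse import urlsplit

ALLOWED_SHARDS = {"shard-a.example.internal", "shard-b.example.internal"}  # assumed


def build_upstream_url_vulnerable(shard_header: str, path: str = "/v1/status") -> str:
    # VULNERABLE: the raw header value is spliced into the URL that urlopen() fetches.
    # 'localhost:30572/external_email?' retargets the request to a loopback service
    # and turns the application's own path into a harmless query string.
    return f"http://{shard_header}{path}"


def build_upstream_url_hardened(shard_header: str, path: str = "/v1/status") -> str:
    # Accept only a bare hostname from a fixed set. Parsing as '//host' lets
    # urlsplit separate userinfo, port, path and query so each can be rejected.
    # Note: a malformed port such as 'host:abc' makes .port raise ValueError,
    # which is the same outcome as an explicit rejection.
    parts = urlsplit(f"//{shard_header}")
    if (parts.hostname is None or parts.port is not None or parts.path
            or parts.query or parts.username or parts.password
            or parts.hostname not in ALLOWED_SHARDS):
        raise ValueError(f"rejected Shard header: {shard_header!r}")
    return f"http://{parts.hostname}:9877{path}"


def describe(url: str) -> dict:
    """Where a request for this URL would actually go."""
    p = urlsplit(url)
    return {"host": p.hostname, "port": p.port, "path": p.path, "query": p.query}


if __name__ == "__main__":
    evil = "localhost:30572/external_email?"
    print(describe(build_upstream_url_vulnerable(evil)))
    try:
        build_upstream_url_hardened(evil)
    except ValueError as e:
        print(e)
    print(build_upstream_url_hardened("shard-a.example.internal"))
```

The hardened builder deliberately rebuilds the URL from the validated hostname alone rather than passing any part of the header through, so a value that survives parsing still cannot contribute a port, path or query.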
An authenticated user can upload a malicious file to the server, leading to remote code execution. This vulnerability was discovered by Victor Campos and Xavi Beltran and affects Laravel-Administrator version 4.
A vulnerability in Ruckus IoT Controller (Ruckus vRIoT) version 1.5.1.0.21 allows a remote attacker to execute arbitrary code. The cause is a lack of authentication and authorization checks on the createUser API endpoint: an attacker can send a malicious payload in the username parameter of the API request and gain remote code execution.
WonderCMS 3.1.3 is vulnerable to stored cross-site scripting (XSS) via the 'uploadFile' parameter. An attacker can upload a file containing an XSS payload with an extension such as .html, .svg or .htm. The file can then be accessed at http://target.lc/data/files/<name-file>, where the XSS payload is triggered.
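The check an upload feature needs so that files like the ones above are never served back as active content from the site's origin, shown as an added example (not WonderCMS code): a denylist-style check of the kind that lets .html and .svg through, beside an allowlist check that normalises the filename first, plus the response headers to serve uploads with as defence in depth. The allowlist, the function names and the sample filenames are assumptions.

```python
"""Extension allowlisting for uploads that will be served from a web path.

Added example, not WonderCMS code. ALLOWED is an assumed list for an upload
feature meant for images and documents.
"""
import posixpath

# Extensions a browser renders as active content when served inline.
ACTIVE_CONTENT = {"html", "htm", "xhtml", "svg", "xml", "js"}

# Assumed allowlist for this upload feature.
ALLOWED = {"png", "jpg", "jpeg", "gif", "pdf", "txt"}


def extension(filename: str) -> str:
    """Normalise before deciding: drop any path, trailing dots/spaces and case."""
    base = posixpath.basename(filename.replace("\\", "/")).rstrip(". ")
    _root, ext = posixpath.splitext(base)   # 'evil.PNG.html' -> ext '.html'
    return ext[1:].lower()


def allowed_vulnerable(filename: str) -> bool:
    # Denylist of server-side script extensions only: .html and .svg sail through
    # and execute in the site's origin once fetched from /data/files/.
    return extension(filename) not in {"php", "phtml", "php5"}


def allowed_hardened(filename: str) -> bool:
    ext = extension(filename)
    return bool(ext) and ext in ALLOWED and ext not in ACTIVE_CONTENT


def response_headers(filename: str) -> dict:
    """Headers to serve a stored upload with, even after allowlisting.

    nosniff stops the browser second-guessing the type; attachment makes it
    download rather than render if something slips through.
    """
    safe_name = posixpath.basename(filename).replace('"', "")
    return {
        "X-Content-Type-Options": "nosniff",
        "Content-Disposition": f'attachment; filename="{safe_name}"',
    }


if __name__ == "__main__":
    for name in ("logo.svg", "page.HTM", "photo.png", "a/b/evil.Html.", "noext"):
        print(f"{name:16} denylist={allowed_vulnerable(name)!s:5} "
              f"allowlist={allowed_hardened(name)}")
```

Normalising first matters: without the case fold and the trailing-dot strip, 'page.HTM' or 'page.html.' can pass a naive comparison and still be served as HTML.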
The WordPress theme's Brands feature is vulnerable to stored cross-site scripting: the Logo URL parameter is stored and later rendered into the page without encoding. The following vector was used for testing: '><script src='data:;base64,YWxlcnQoZG9jdW1lbnQuZG9tYWluKQ=='></script> (the base64 decodes to alert(document.domain)). To reproduce the vulnerability:
1. Log in as an editor, administrator, contributor or author at https://website.com/wp-admin
2. Go to the Brands section
3. Click "Add new brand" and enter a custom brand title
4. The vulnerable parameter is Logo URL: <input type='text' name='ftc_brand_url' id='ftc_brand_url' value=''>
5. Enter the payload '><script src='data:;base64,YWxlcnQoZG9jdW1lbnQuZG9tYWluKQ=='></script>
6. Publish
7. The alert pops up when a user visits https://website.com/brand/vulnerablebrand
Pure-FTPd only allows a limited number of concurrent connections to the server, so by repeatedly opening new connections and holding them open, an attacker can block legitimate users from connecting if the number of connections per IP is not limited.
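A small model of the slot exhaustion described above, added here as an example and not Pure-FTPd's code: a gate with a global connection limit hands out slots to clients, one attacker address opens connections without closing them, and a normal user then tries to connect. Running it once with no per-IP cap and once with one shows why the per-IP limit is what keeps the service reachable. The limits 50 and 8 and the client addresses are constructed sample values.

```python
"""Connection-slot exhaustion against a global limit with and without a per-IP cap.

Added example, an in-memory model rather than Pure-FTPd code. The limits and
addresses are constructed.
"""
from collections import Counter
from typing import Optional


class ConnectionGate:
    """Hands out connection slots the way a daemon with a global limit does."""

    def __init__(self, max_total: int, max_per_ip: Optional[int] = None):
        self.max_total = max_total
        self.max_per_ip = max_per_ip        # None reproduces the weak configuration
        self.per_ip: Counter = Counter()

    @property
    def total(self) -> int:
        return sum(self.per_ip.values())

    def try_connect(self, ip: str) -> bool:
        """Return True if the client gets a slot, False if it is turned away."""
        if self.total >= self.max_total:
            return False
        if self.max_per_ip is not None and self.per_ip[ip] >= self.max_per_ip:
            return False
        self.per_ip[ip] += 1
        return True

    def disconnect(self, ip: str) -> None:
        if self.per_ip[ip] > 0:
            self.per_ip[ip] -= 1


def simulate(max_per_ip: Optional[int], attacker_attempts: int = 200) -> dict:
    """One attacker IP opens connections and never closes them; then a user tries."""
    gate = ConnectionGate(max_total=50, max_per_ip=max_per_ip)
    attacker_ip, user_ip = "203.0.113.9", "198.51.100.7"   # constructed addresses
    held = sum(gate.try_connect(attacker_ip) for _ in range(attacker_attempts))
    return {
        "attacker_slots": held,
        "slots_in_use": gate.total,
        "legit_admitted": gate.try_connect(user_ip),
    }


if __name__ == "__main__":
    print("no per-IP cap:", simulate(max_per_ip=None))
    print("per-IP cap 8: ", simulate(max_per_ip=8))
```

Without the cap the single attacker address takes all 50 slots and the legitimate user is refused; with a cap of 8 the attacker is stopped at 8 and the user is admitted. In Pure-FTPd these two limits are the MaxClientsNumber and MaxClientsPerIP settings; the per-IP one is the one the advisory says must be set.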
Stored attacks are those where the injected script is permanently stored on the target servers, such as in a database, a message forum, a visitor log, a comment field, etc. The victim then retrieves the malicious script from the server when it requests the stored information. Stored XSS is also sometimes referred to as persistent XSS. This vulnerability allows an attacker to inject an XSS payload into the Page keywords field; each time any user visits the website the payload executes and, depending on how it is crafted, can steal that user's cookies.
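Both stored XSS entries above (the brand Logo URL field and the Page keywords field) come down to a stored value being written into an HTML attribute unencoded. The following added example, not code from either product or from WordPress, renders those values the vulnerable way beside the hardened way: encode for the attribute context on output, and for a URL field also validate the scheme so that data: and javascript: values are never stored in the first place. The render functions are assumptions; the input markup, the field name 'ftc_brand_url' and the payload are taken from the advisory text.

```python
"""Attribute-context encoding and URL validation for stored, user-supplied values.

Added example, not theme or WordPress code. The render functions are
assumptions; the payload and field markup come from the advisory.
"""
import html
from urllib.parse import urlsplit

# Test vector from the advisory (base64 decodes to alert(document.domain)).
PAYLOAD = "'><script src='data:;base64,YWxlcnQoZG9jdW1lbnQuZG9tYWluKQ=='></script>"


def render_logo_field_vulnerable(url: str) -> str:
    # VULNERABLE: the stored value is echoed into a single-quoted attribute verbatim,
    # so a leading ' closes the attribute and > closes the tag.
    return f"<input type='text' name='ftc_brand_url' id='ftc_brand_url' value='{url}'>"


def valid_http_url(url: str) -> bool:
    """Accept only absolute http(s) URLs: rejects javascript:, data: and fragments."""
    p = urlsplit(url.strip())
    return p.scheme in ("http", "https") and bool(p.netloc)


def attr(value: str) -> str:
    """Encode for an HTML attribute: escapes & < > and both quote characters."""
    return html.escape(value, quote=True)


def render_logo_field_hardened(url: str) -> str:
    # Validate on save (or before use) and encode for the attribute on output.
    if not valid_http_url(url):
        url = ""
    return (f"<input type='text' name='ftc_brand_url' id='ftc_brand_url' "
            f"value='{attr(url)}'>")


def render_logo_img(url: str) -> str:
    """The same stored URL used on the public brand page."""
    return f"<img src='{attr(url) if valid_http_url(url) else ''}' alt='brand logo'>"


def render_meta_keywords(keywords: str) -> str:
    """Page keywords land in a meta attribute: same rule, encode for the attribute."""
    return f"<meta name='keywords' content='{attr(keywords)}'>"


if __name__ == "__main__":
    print(render_logo_field_vulnerable(PAYLOAD))
    print(render_logo_field_hardened(PAYLOAD))
    print(render_logo_img("https://example.com/logo.png"))
    print(render_meta_keywords("shoes, '><script>alert(1)</script>"))
```

Encoding is context-specific: the same value placed inside a script block or a URL query would need different treatment, which is why the URL field gets a scheme check on top of the attribute encoding.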
docPrint Pro 8.0 is vulnerable to a local buffer overflow when a maliciously crafted payload is entered in the 'Add URL' field. An attacker can exploit this to execute arbitrary code.