This exploit targets a privilege escalation vulnerability in M/Monit 3.7.4. An attacker can gain administrator privileges by sending a POST request to the '/api/1/admin/users/update' endpoint with the username, fullname, password, and the admin flag set to 1. This gives the attacker full access to the M/Monit application.
The TestBox 'test-browser' page does not adequately sanitise the 'path' QueryString parameter, allowing an attacker to perform a directory traversal on the page by specifying the value 'path=/../' (appending '../' all the way up to the system root).
This exploit allows an authenticated user to read arbitrary files on the system. The exploit uses the GitLab API to create two projects, one with an issue containing a malicious description and the other to move the issue to. The malicious description contains a link to the file that is to be read. The exploit uses the private token of the user to authenticate the API requests.
This exploit uses the upnpy library to discover UPnP devices on the network and access a specific service on the device by its ID. The 'X_GetAccess' action is then executed, which returns a dictionary containing the cleartext password of the 'admin' user.
This exploit allows changing users' passwords from the SSLVPN web portal by exploiting the Magic backdoor vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.8 and 5.4.1 to 5.4.10.
SQL injection exists in search.php. An attacker can use SQLMAP authentication to exploit the vulnerability. For details, please refer to: https://github.com/cbkhwx/cxuucmsv3/issues/1
PESCMS Team 2.3.2 has multiple reflected XSS via the id parameter: ?g=Team&m=Task&a=my&status=3&id=, ?g=Team&m=Task&a=my&status=0&id=, ?g=Team&m=Task&a=my&status=1&id=, ?g=Team&m=Task&a=my&status=10&id=. When the payload '><ScRiPt>alert(1)</ScRiPt>' is entered, the page pops up an alert window.
ZeroLogon is a critical vulnerability in Microsoft Windows Netlogon that allows an attacker to completely compromise the Windows domain. The vulnerability exists in the way Netlogon handles certain requests. An attacker who successfully exploits this vulnerability can run a specially crafted application on a device on the network to take complete control of an affected domain controller, including changing the domain administrator’s password and gaining access to all data on the domain controller.
BigBlueButton is a web conferencing system that allows participants with the appropriate privileges to upload files in various formats to be used as presentation slides. Among other formats, BigBlueButton accepts LibreOffice documents. LibreOffice documents use the XML-based Open Document Format for Office Applications (ODF). For technical purposes, uploaded files are converted to PDF format with LibreOffice and afterwards to SVG for displaying. The ODF file format supports using the XML Linking Language (XLink) to create links between documents. When local files are referenced using XLinks, the contents of the respective files are included in the generated PDF file when BigBlueButton converts ODF documents with LibreOffice. This leads to an arbitrary file disclosure vulnerability. Furthermore, the XLink standard allows for the use of external resources. When external resources are referenced using XLinks, BigBlueButton will perform a request to the respective resource when converting ODF documents with LibreOffice. This leads to a server-side request forgery vulnerability.
Apache Struts 2.5.20 is vulnerable to a double OGNL evaluation vulnerability that allows an attacker to execute arbitrary commands on the server. This vulnerability affects Struts versions 2.0.0 to 2.5.20 (S2-059). The exploit is based on a GitHub example from PrinceFPF, and the vulnerability was reported by Matthias Kaiser and Apple Information Security. The vulnerability can be mitigated by upgrading to Struts 2.5.22.