
Explore Vulnerabilities

OpenCart Theme Journal 3.1.0 – Sensitive Data Exposure

Journal, the best-selling OpenCart theme, used on over 25K websites, was found to expose sensitive information and to be potentially vulnerable to further attacks such as SQL injection. Sensitive Data Exposure, an OWASP Top 10 vulnerability, occurs when an application fails to adequately protect sensitive data. The exposed information can include passwords, session tokens, credit card data, private health data, and more. Because of the way the “page” parameter is typecast as an integer in /catalog/controller/journal3/blog.php, supplying a string for it produces a detailed error message that reveals the SQL error, database details, and an internal path.

SAntivirus IC 10.0.21.61 – ‘SAntivirusIC’ Unquoted Service Path

The SAntivirus IC 10.0.21.61 software contains an Unquoted Service Path vulnerability. This vulnerability can be exploited by an attacker to gain elevated privileges on the system. The vulnerability exists because the software does not properly quote the path to the service executable. An attacker can exploit this vulnerability by placing malicious code in the same directory as the service executable and then executing it with elevated privileges.

Touchbase.io 1.10 – Stored Cross Site Scripting

The touchbase.ai application allows stored XSS via the 'Add User' module; the payload is rendered when the 'Contacts' page is visited. To exploit this vulnerability, the attacker needs to log in to the application, go to the 'Contacts' module and add a user. Inject the payload <marquee onstart=alert(document.cookie)> in the 'Name' field, fill in the other details, and save. Return to the 'Contacts' module: the XSS payload executes in the name field and a pop-up appears showing the session cookie.

Ghostcat

When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may be surprising. In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped with an AJP Connector enabled by default that listened on all configured IP addresses. It was expected (and recommended in the security guide) that this Connector would be disabled if not required.

This vulnerability report identified a mechanism that allowed:

- returning arbitrary files from anywhere in the web application
- processing any file in the web application as a JSP

Further, if the web application allowed file upload and stored those files within the web application (or the attacker was able to control the content of the web application by some other means), then this, along with the ability to process a file as a JSP, made remote code execution possible.

ASUS TM-AC1900 – Arbitrary Command Execution

This module exploits a code execution vulnerability in the ASUS TM-AC1900 router as an authenticated user. The vulnerability is due to a failure to filter out percent-encoded newline characters (%0a) in the HTTP argument 'SystemCmd' when invoking "/apply.cgi", which bypasses the patch for CVE-2018-9285.

Water Billing System 1.0 – ‘username’ and ‘password’ parameters SQL Injection

SQL injection in the 'username' and 'password' parameters allows an attacker to run SQL commands against the victim's database and extract it in its entirety. In more advanced exploitation, an attacker can run arbitrary code on the victim system to compromise it.

CMSUno 1.6.2 – ‘user’ Remote Code Execution (Authenticated)

CMSUno 1.6.2 is vulnerable to authenticated remote code execution. An attacker can exploit this vulnerability by sending a malicious payload to the vulnerable URL. The payload will be executed on the server and a reverse shell will be established.
