
Explore Vulnerabilities


Explore all Exploits:

Ultimate Project Manager CRM PRO 2.0.5 – SQLi Credentials Leakage

The SQL injection does not allow UNION payloads. However, we can guess usernames and passwords by fuzzing the database. A Python script was used to send payloads to the server and guess usernames and passwords. The lack of verification results in a warning message from Python. To get a clean output, all warnings were ignored.

Visitor Management System in PHP 1.0 – Authenticated SQL Injection

The file front.php does not perform input validation on the 'rid' parameter. An attacker can append SQL queries to the input to extract sensitive information from the database.

WP Courses < 2.0.29 - Broken Access Controls leading to Courses Content Disclosure

WP Courses plugin < 2.0.29 does not protect courses, which can be accessed by unauthenticated users through the REST API (/wp-json/) endpoints (for example /wp-json/wp/v2/lesson/{lesson_id}). This could result in attackers accessing paid content without authorization.

Loan Management System 1.0 – Multiple Cross Site Scripting (Stored)

Loan Management System 1.0 is vulnerable to multiple stored Cross Site Scripting (XSS) attacks. An attacker can inject malicious JavaScript code into the vulnerable pages by using the edit button in the action column on the right. The malicious code is then stored in the database and executed when the page is loaded. This can lead to the theft of sensitive information such as session cookies and other credentials.

Persistent XSS on Comtrend AR-5387un router

To exploit this vulnerability, once logged into the router, a WAN service must be created. Click on 'Advanced Setup', 'WAN Service', 'Add button', 'Next'. Then insert the payload into the 'Enter Service Description' field. This was used for the PoC: <script>alert('xss');</script>. Then click on 'Next' four times to go through the steps and finally click on 'Apply/Save'. The XSS is triggered and its result displayed on the WAN services page.

Typesetter CMS 5.1 – Arbitrary Code Execution

Typesetter CMS has a web interface feature that allows a privileged account to upload files. Through this feature, it is possible to upload a .zip file that contains a malicious .php file. The same web interface can also extract the archive. The attacker only needs to extract the previously uploaded .zip and click on the malicious .php file to execute commands in the operating system.

PHPGurukul hostel-management-system 2.1 allows XSS via Guardian Name, Guardian Relation, Guardian Contact no, Address, City

PHPGurukul hostel-management-system 2.1 is vulnerable to Cross-Site Scripting (XSS) attacks via the Guardian Name, Guardian Relation, Guardian Contact no, Address, and City fields. An attacker can inject malicious JavaScript code into these fields when booking a hostel, which will be triggered when the admin views the student's record. This can be used to steal user data or perform other malicious activities.

HiSilicon video encoders – unauthenticated RTSP buffer overflow (DoS)

HiSilicon video encoders are vulnerable to an unauthenticated buffer overflow in the RTSP protocol. This vulnerability can be exploited to cause a denial of service (DoS). The exploit involves sending a specially crafted RTSP request with an excessively long CSeq header to the vulnerable device. This will cause the device to crash and become unresponsive.

HiSilicon video encoders – full admin access via backdoor password

A vulnerability in HiSilicon video encoders from URayTech, J-Tech Digital, and ProVideoInstruments allows an attacker to gain full administrative access to the device by using a backdoor password. The backdoor password can be retrieved by sending a request to the device's web server. Once the password is retrieved, the attacker can log into the admin interface with the user 'admin' and the retrieved password.
