MedDream PACS Server 6.8.3.751 is vulnerable to Remote Code Execution. An unauthenticated attacker can exploit this vulnerability by creating a one line php shell to call commands, running the script on the attacking machine, and entering parameters such as IP, filename, and command. The attacker can then use varying time checks to call the command and view the output.
Small CRM 2.0 is vulnerable to SQL Injection in the 'email' parameter of the forgot-password.php page. An attacker can exploit this vulnerability by sending a specially crafted payload to the vulnerable parameter. This can allow the attacker to gain access to the database and execute arbitrary SQL commands.
An arbitrary file upload vulnerability exists in openMAINT 1.1-2.4.2. A malicious file can be uploaded directly to the /upload/images directory with the file name unchanged. This can be exploited by sending a specially crafted HTTP POST request to the /openmaint/services/json/file/upload endpoint with malicious code in the request body.
An authenticated persistent cross-site scripting (XSS) vulnerability exists in DynPG 4.9.1. An attacker can exploit this vulnerability by sending a malicious payload to the application via the 'Groupname' parameter. The malicious payload is then stored in the application and is triggered when the application is accessed by an authenticated user.
Persistent Cross Site Scripting vulnerability has been found on the Admin/User Panel. Kentico before 12.0.50 allows file uploads in which the Content-Type header is inconsistent with the file extension, leading to XSS.
RedTeam Pentesting discovered a Denial-of-Service vulnerability in the D-Link DSR-250N device which allows unauthenticated attackers in the same local network to execute a CGI script which reboots the device.
A vulnerability in SEO Panel 4.6.0 allows an attacker to upload a webshell and execute arbitrary commands on the server. This is achieved by exploiting the lack of authentication in the 'websites.php' page, which allows an attacker to upload a webshell and execute arbitrary commands on the server.
Textpattern CMS 4.6.2 is vulnerable to persistent cross-site scripting (XSS) in the 'body' parameter. An attacker can exploit this vulnerability by logging into the administrator page and writing a new blog post with a malicious payload in the 'body' parameter. The payload will then be executed when the page is viewed.
The BACNet Test Server is vulnerable to a denial of service (DoS) vulnerability when sending malformed BVLC Length UDP packet to port 47808 causing the application to crash.
EasyPMS has authentication bypass vulnerability that low privilege user can escalate privilege to HotelOwner admin privilege. Unprivileged user can manipulate sql query within json request format. Admin user code can be obtained using single quote after ID column so that where clause is invalid. While user is sending password resetting request, can change password of Admin user that is inside HotelOwner privilege class.
Services By CQR