Mara CMS 7.5 suffers from a Reflected Cross-Site Scripting vulnerability. This Reflected XSS vulnerability allows any authenticated user to inject malicious code via the parameter contact.php?theme=<inject>. The vulnerability exists because the parameter is not properly sanitized, which can lead to malicious code injection that will be executed in the target’s browser.
The 'id' parameter at the path '/online%20book%20store/detail.php?id=44' is vulnerable to Union-Based blind SQL injection, which allows retrieval of all databases.
The application suffers from an unauthenticated remote privilege escalation and account takeover vulnerability that can be triggered by directly calling the updateUser object (part of ActionScript object graphs), effectively elevating to an administrative role or taking over an existing account by modifying the settings.
Nagios Log Server is a popular Centralized Log Management, Monitoring, and Analysis software that allows organizations to view, sort, and configure logs. Version 2.1.6 of the application was found to be vulnerable to Stored XSS. An attacker (in this case, an authenticated regular user) can use this vulnerability to execute malicious JavaScript that aims to steal cookies, redirect users, perform arbitrary actions on the victim’s (in this case, an admin’s) behalf, log their keystrokes, and more. The 'Full Name' and 'Username' fields in the /profile page or /admin/users/create page are vulnerable to Stored XSS. Once a payload is saved in one of these fields, navigate to the Alerting page (/alerts), create a new alert, and select Email Users as the Notification Method. When the user list is shown, the payload is executed.
The 'id' parameter at the path '/alphaware/details.php?id=431860' is vulnerable to Error-Based blind SQL injection, which allows retrieval of all databases.
The ao_ccss_import AJAX call does not ensure that the file provided is a legitimate Zip file, allowing high privilege users to upload arbitrary files, such as PHP, leading to RCE.
A vulnerability exists in Mida eFramework 2.9.0 which allows an attacker to execute arbitrary code on the vulnerable system. This is due to the application not properly validating user-supplied input before using it in an OS command. An attacker can exploit this vulnerability by sending a specially crafted request to the vulnerable application. Successful exploitation of this vulnerability could result in arbitrary code execution on the vulnerable system.
Ericom Access Server allows attackers to initiate SSRF requests, making outbound connections to arbitrary hosts and TCP ports. Attackers who can reach the AccessNow server can target internal systems that are behind firewalls and typically not accessible. This can also be used to target third-party systems from the AccessNow server itself. The AccessNow server will return an attacker-friendly response, exfiltrating which ports are listening for connections. This can bypass firewall rules and undermine the integrity of other systems and security controls in place.
EIBIZ i-Media Server is vulnerable to unauthenticated configuration disclosure when a direct object reference is made to the SiteConfig.properties file using an HTTP GET method. This enables the attacker to disclose sensitive information and helps her in authentication bypass, privilege escalation and/or full system access.
The application suffers from an unauthenticated privilege escalation and arbitrary user creation vulnerability that allows authentication bypass. Once serialized, an AMF-encoded object graph may be used to persist and retrieve application state or allow two endpoints to communicate through the exchange of strongly typed data. These objects are received by the server without validation or authentication, which gives the attacker the ability to create any user with any role, bypass the security controls in place, and modify the data presented on the screen/billboard.