Cayin CMS suffers from an authenticated OS semi-blind command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user through the 'NTP_Server_IP' HTTP POST parameter in system.cgi page.
A vulnerability found on login-in page of D-LINK ROUTER "DIR-615" with "FIRMWARE VERSION:20.10" & "HARDWARE VERSION:T1" which allows attackers to easily bypass CAPTCHA on login page by BRUTEFORCING. Attackers can gain access to the router's administrative interface without having to enter the correct CAPTCHA.
A malicious user can abuse the authenticated templates functionality to traverse out of the templates directory to read and write to any file on the webserver as www-data.
VMware vCloud Director suffers from an Expression Injection Vulnerability allowing Remote Attackers to gain Remote Code Execution (RCE) via submitting malicious value as a SMTP host name.
Navigate CMS 2.8.7 is vulnerable to Cross-Site Request Forgery (CSRF) which allows an attacker to add an admin user to the application. An attacker can craft a malicious HTML page which contains a malicious JavaScript code that can be used to add an admin user to the application. After having an authenticated admin access this HTML page, simply go to as an unauthenticated user (path may slightly vary depending on installation location): http://DOMAIN.com/navigate/plugins/chiv/chiv.php
Clinic Management System version 1.0 suffers from an Unauthenticated File Upload Vulnerability allowing Remote Attackers to gain Remote Code Execution (RCE) on the Hosting Webserver via uploading a maliciously crafted PHP file.
Oriol Espinal CMS is vulnerable to a remote SQL injection vulnerability, where an attacker can inject malicious SQL queries via the 'id' parameter in the 'editar.php' script. An attacker can also exploit a file upload vulnerability by sending a malicious POST request to the 'upload2_iframe.php' script.
Clinic Management System version 1.0 suffers from an Unauthenticated File Upload Vulnerability allowing Remote Attackers to gain Remote Code Execution (RCE) on the Hosting Webserver via uploading a maliciously crafted PHP file.
When a service is created whose executable path contains spaces and isn't enclosed within quotes, leads to a vulnerability known as Unquoted Service Path which allows a user to gain SYSTEM privileges (only if the vulnerable service is running with SYSTEM privilege level which most of the time it is).
The 'id' parameter's value is going into the SQL query directly, allowing an attacker to inject malicious SQL code. Proof of concept can be done using sqlmap or by adding a single quote to the URL.
Services By CQR