A buffer overflow vulnerability exists in CloudMe 1.11.2 which can be exploited by sending a specially crafted payload to the service running on port 8888. The vulnerability is caused by a boundary error when handling user-supplied input, which can result in a stack-based buffer overflow. An attacker can exploit this vulnerability to execute arbitrary code in the context of the application.
This exploit leverages a vulnerability in Docker Desktop Community Edition versions prior to 2.1.0.1, where an attacker can write a payload to a lower-privileged area to be executed automatically by the Docker user at login.
This exploit allows an attacker to execute arbitrary code on a vulnerable system. The exploit works by writing a malicious payload to a file called hl2_relaunch in the /tmp directory. The payload is then executed when the vulnerable application is launched.
This product is unprotected against CSRF vulnerabilities. With this attack, you can add an admin account to the system. In addition, you can add files from the F.A.Q field as admin. There are no file restrictions here. Therefore, you can upload a PHP file here with CSRF.
There are multiple SQL injection vulnerabilities in Online Course Registration PHP script, such as in check_availability.php, change-password.php, admin/check_availability.php, admin/change-password.php, admin/index.php, index.php, includes/header.php, and pincode-verification.php. It is also possible to bypass the authentication in the two login pages.
A vulnerability in Netis E1+ 1.2.32533 allows an unauthenticated attacker to leak the WiFi password by sending a specially crafted HTTP request to the netcore_get.cgi file. This vulnerability can be exploited remotely.
Edimax EW-7438RPn 1.13 is vulnerable to Remote Code Execution. The vulnerability exists in the mp.asp and syscmd.asp files. An attacker can exploit this vulnerability by sending a specially crafted POST request to the vulnerable device.
When a request is sent to the /api/v1/App/user endpoint, user details can be accessed. By decoding the Basic Authorization and Espo-Authorization values and replacing the username with another one (like admin), other users' information and access can be obtained.
A session fixation vulnerability has been discovered in version 2.2.0 of Library CMS Powerful Book Management System.

Admin HTTP Request:

    POST /admin/login HTTP/1.1
    Host: XXX.XXX.XXX.XXX
    User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Referer: https://XXX.XXX.XXX.XXX/admin/login
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 49
    Connection: close
    Cookie: activeLanguage=en_US; PHPSESSID=nfj6gk1murk6jq47lpk5cv7qq6; activeLanguage=en_US; _ym_uid=1579299191562269050; _ym_d=1579299191; _ym_visorc_46947615=w; _ym_isad=2
    Upgrade-Insecure-Requests: 1

    login=USERNAME&password=PASSWORD

Member HTTP Request:

    POST /admin/login HTTP/1.1
    Host: XXX.XXX.XXX.XXX
    User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Referer: https://XXX.XXX.XXX.XXX/admin/login
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 50
    Connection: close
    Cookie: activeLanguage=en_US; PHPSESSID=nfj6gk1murk6jq47lpk5cv7qq6; activeLanguage=en_US; _ym_uid=1579299191562269050; _ym_d=1579299191; _ym_visorc_46947615=w; _ym_isad=2
    Upgrade-Insecure-Requests: 1

    login=USERNAME&password=PASSWORD

This module exploits an authenticated directory traversal vulnerability in Zen Load Balancer `v3.10.1`. The flaw exists because 'index.cgi' does not properly handle the 'filelog=' parameter, which allows a malicious actor to load an arbitrary file path.