When a maliciously crafted file is opened in Core FTP LE 2.2, the program crashes and cannot be reopened until it is uninstalled and reinstalled. This is due to a buffer overflow vulnerability in the program.
A denial of service vulnerability exists in Odin Secure FTP Expert 7.6.3. An attacker can generate a new file with the name 'bune.txt' containing a payload of 6000 'A' characters. When the content of 'bune.txt' is pasted into the 'Quickconnect site' tab of the 'connect' tab in the application, the application will crash.
This exploit allows an attacker to cause a denial of service (DoS) by creating a new .txt file with a buffer of 1000 'Z' characters and then copying the content of the file into the Subject title field of the program aSc Timetables 2020.
A Denial of Service vulnerability exists in SpotFTP-FTP Password Recover 2.4.8 when a maliciously crafted file is used to cause a buffer overflow. An attacker can exploit this vulnerability by creating a file with a large amount of data and then copying the contents of the file into the Key field of the Enter Registration Code window. This will cause the application to crash.
A remote code execution vulnerability exists in Cacti 1.2.8 due to insufficient sanitization of user-supplied input. An unauthenticated attacker can exploit this vulnerability by sending a malicious payload to the vulnerable server to execute arbitrary code. This vulnerability is identified as CVE-2020-8813.
A vulnerability in the Aptina AR0130 960P 1.3MP Camera allows an attacker to remotely disclose the camera's configuration. The vulnerability is due to improper authentication on the camera. An attacker can send a specially crafted request to the camera to disclose its configuration.
DNN allows normal users to upload XML files by using journal tools in their profile. An attacker could upload XML files which may execute malicious scripts in the user’s browser. In XML, a namespace is an identifier used to distinguish between XML element names and attribute names which might be the same. One of the standard namespaces is “http://www.w3.org/1999/xhtml”, which permits us to run XHTML tags such as <script>. For instance, uploading the following code as an XML file executes JavaScript and shows a non-harmful ‘XSS’ alert. Though stealing authentication cookies is not possible at this time (because the authentication cookies are set as HttpOnly by default), XSS attacks are not limited to stealing users’ cookies. Using an XSS vulnerability, an attacker can perform other, more damaging attacks on other or highly privileged users, for example bypassing CSRF protections, which allows uploading “aspx” extension files through the settings page and leads to the upload of backdoor files.
The eLection Web application is vulnerable to authenticated SQL Injection which leads to remote code execution. Log in to the admin portal and browse to the candidates section. Capture the request in BurpSuite and save it to a file. Send the request to SQLMap with the following parameters: sqlmap -r getcandidate --level=5 --risk=3 --os-shell -p id. SQLMap will find the injection.
An issue was discovered in Zoho ManageEngine EventLog Analyzer 10.0 SP1. By running 'select hostdetails from hostdetails' at the /event/runquery.do endpoint, it is possible to bypass the security restrictions that prevent even administrative users from viewing credential data stored in the database, and recover the MD5 hashes of the accounts used to authenticate the ManageEngine platform to the managed machines on the network (most often administrative accounts). Specifically, this bypasses the following restrictions: a query cannot mention 'password', and a query result cannot have a 'password' column.
This exploit allows an attacker to remotely access the configuration of a Revotech I6032B-P POE 1920x1080P 2.0MP Outdoor Camera. The exploit uses a GET request to the camera's CGI-bin/config.bin file, which returns a gzip-compressed file containing the camera's configuration.