Valve Dota 2 (schemasystem.dll) before 7.23f allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted map is mishandled during a GetValue call. The attacker needs to invite a victim to play on the attacker's game server using a specially crafted map, or to create a custom game; when the victim's game initializes, the specially crafted map is automatically downloaded and processed by the victim's client, which makes exploitation of the vulnerability possible. The attacker can also create a custom map and upload it to Steam.
LearnDash is one of the most popular and easiest-to-use WordPress LMS plugins on the market. It allows users to easily create courses and sell them online, and it has a large customer base. The plugin allows users to search for courses they have subscribed to using the [ld_profile] search field, which was found to be vulnerable to reflected cross-site scripting. All WordPress websites using LearnDash versions 3.0.0 through 3.1.1 are affected. Once the user is logged in to a WordPress website where the vulnerable LearnDash plugin is installed, an XSS payload can be inserted into the Search Your Courses box. The payload is executed because the user input is not properly validated. As a result, passing the XSS payload as a query string in the URL will also execute the payload.
ForcePoint Web Security 8.5 is vulnerable to a reflected cross-site scripting vulnerability due to insufficient validation of the Host header. An attacker can exploit this vulnerability by intercepting the traffic while accessing a restricted website and modifying the Host header to inject malicious JavaScript code. This code will be executed in the context of the vulnerable website.
By having a user import a crafted .gpx file (an XML-based GPS data file), it is possible to perform an XXE injection that retrieves local files and exfiltrates them to a remote attacker.
EyesOfNetwork 5.3 is vulnerable to Remote Code Execution. We were able to run the 'id' command with the following payload in the target field: ';id #'. As the apache user is allowed to run nmap as root, we were able to execute arbitrary commands by providing a specially crafted NSE script. nmap version 6.40 is used and doesn't have the -c and -e options. PoC: /eonapi/getApiKey?username=' union select sleep(3),0,0,0,0,0,0,0 or ' Auth bypass: /eonapi/getApiKey?&username=' union select 1,'admin','1c85d47ff80b5ff2a4dd577e8e5f8e9d',0,0,1,1,8 or '&password=h4knet
VehicleWorkshop 1.0 is vulnerable to SQL Injection. The vulnerability exists due to user-supplied input to the 'bookingid' parameter in '/viewtestdrive.php' not being properly sanitized before being used in SQL queries. An attacker can leverage this vulnerability to execute arbitrary SQL commands in the context of the application's database user.
QuickDate 1.3.2 is vulnerable to SQL Injection. An attacker can send a malicious POST request to the application with a crafted payload to inject malicious SQL queries into the application. This can allow the attacker to gain access to sensitive information stored in the database.
A vulnerability in the LanFabricImpl createLanFabric command of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system with root privileges. The vulnerability is due to insufficient input validation of user-supplied parameters. An attacker could exploit this vulnerability by sending a crafted HTTP request to the targeted system. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges.
A vulnerability in the HostEnclHandler getVmHostData function of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system with the privileges of the web server. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected system. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system with the privileges of the web server.
A vulnerability in the Cisco Data Center Network Manager (DCNM) Software could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient input validation of user-supplied data. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the web server process. Cisco has released software updates that address this vulnerability.