A vulnerability in Liferay CE Portal 6.0.2 allows an attacker to execute arbitrary commands on the target system. The vulnerability exists due to improper validation of user-supplied input in the application. An attacker can exploit this vulnerability by sending a specially crafted payload to the application. This will allow the attacker to execute arbitrary commands on the target system.
Kibana is an open source data visualization dashboard for Elasticsearch. It provides visualization capabilities on top of the content indexed on an Elasticsearch cluster. Most of the kibana applications are having authentication disabled any malicious user can inject csv payload in visualization section of dashboard and It's possible to run malicious command on logged in user computer.
It is possible to call binaries not only in default $USER$ path by adding Poller's Resources. By adding two entries it is possible to trigger a download exec reverse shell. Note, your reverse shell is persistent because Centreon execute your payloads all 10 minutes by default.
It is possible to discover the unencrypted password with the inspector.
A vulnerability in BlueGate allows a remote attacker to execute arbitrary code on the target system. The vulnerability exists due to a lack of proper validation of user-supplied input when handling UDP packets. An attacker can send a specially crafted packet to the target system, which will cause a buffer overflow and allow the attacker to execute arbitrary code on the target system.
BlueGate is vulnerable to a denial of service attack due to a flaw in the DTLS protocol. An attacker can send a large number of packets with a large fragment size to the target, causing the target to crash. This vulnerability affects BlueGate versions prior to 1.2.0.
This proof of concept code monitors file changes on Ricoh's driver DLL files and overwrites a DLL file before the library is loaded.
This exploit allows an attacker to perform a Cross-Site Request Forgery (CSRF) attack against the OLK Web Store 2020. The attacker can craft a malicious request to the login page of the OLK Web Store 2020, which will then be executed by the victim's browser. The malicious request will contain the attacker's credentials, which will be used to authenticate the attacker and gain access to the OLK Web Store 2020.
Webtareas v2.0 is vulnerable to an authenticated SQL injection vulnerability. An attacker can send a specially crafted HTTP request to the vulnerable server to inject malicious SQL commands and gain access to sensitive data from the database.
This exploit allows an attacker to traverse the file system of the Pachev FTP Server 1.0 and retrieve the contents of the /etc/passwd file.
Services By CQR