Explore Vulnerabilities

Explore all Exploits:

qdPM 9.1 – Remote Code Execution

This exploit allows an attacker to gain remote code execution on a vulnerable qdPM 9.1 system. It abuses a path traversal vulnerability in the qdPM 9.1 application, which allows an attacker to upload a malicious .htaccess file to the web root directory. The malicious file contains a payload which is executed when the application is accessed.

KeePass 2.44 – Denial of Service (PoC)

The free, open source, light-weight and easy-to-use password manager KeePass Password Safe is vulnerable to a denial of service attack. An attacker can exploit this vulnerability by dragging and dropping an HTML file containing malicious JavaScript code into the Help section of the application. This will cause the application to crash.

NEOWISE CARBONFTP 1.4 – Weak Password Encryption

CarbonFTP v1.4 uses insecure proprietary password encryption with a hard-coded weak encryption key. The key for locally stored FTP server passwords is hard-coded in the binary. Passwords encoded as hex are converted to decimal, which is then computed by adding the key "97F" to the result. The key 97F seems to be the same for all executables across all systems. Finally, passwords are stored as decimal values. If a user chooses to save the project, the passwords are stored in ".CFTP" local configuration files. They can be found under "C:\Users\<VICTIM>\AppData\Roaming\Neowise\CarbonFTP\Projects".

ManageEngine Network Configuration Manager 12.2 – ‘apiKey’ SQL Injection

ManageEngine Network Configuration Manager (NCM) is vulnerable to time-based blind SQL injection. The vulnerability exists in the 'apiKey' parameter of the 'getOverviewList' API endpoint. An attacker can send a specially crafted HTTP request with a malicious payload to the vulnerable API endpoint, which can be used to extract information from the database.

Centreon Authenticated Macro Expression Location Setting Handler Code Execution

Authenticated Remote Code Execution on Centreon Web Appliances. Affected versions: =< 18.10, 19.04. By amending the Macros Expression's default directory to / we are able to execute system commands and obtain a shell as user Apache.

Plantronics Hub SpokesUpdateService Privilege Escalation

The Plantronics Hub client application for Windows makes use of an automatic update service `SpokesUpdateService.exe` which automatically executes a file specified in the `MajorUpgrade.config` configuration file as SYSTEM. The configuration file is writable by all users by default.

GTalk Password Finder 2.2.1 – ‘Key’ Denial of Service (PoC)

GTalk Password Finder 2.2.1 is vulnerable to a denial of service attack when maliciously crafted input is supplied to the 'Key' field. An attacker can exploit this vulnerability by creating a file (poc.txt) with a large number of characters and then copying and pasting the characters into the 'Key' field, which will cause the application to crash.

Recent Exploits: